Journal of Network and Computer Applications 61 (2016) 59–80


Review in mobile : A survey

Mojtaba Alizadeh a,b, Saeid Abolfazli c,*, Mazdak Zamani d, Sabariah Baharun b, Kouichi Sakurai a

a Department of Informatics, Graduate School and Faculty of Information Science, Kyushu University, Fukuoka, Japan
b Malaysia-Japan International Institute of Technology (MJIIT), Universiti Teknologi, Malaysia
c YTL Communications and Xchanging, Malaysia
d Department of Computer Science, Kean University, NJ, USA

Article history:
Received 29 March 2015
Received in revised form 21 September 2015
Accepted 18 October 2015
Available online 6 November 2015

Keywords: Cloud computing; Mobile cloud computing; Security; Authentication

Abstract

Mobile cloud computing (MCC) is the state-of-the-art mobile distributed computing model that incorporates multitude of heterogeneous cloud-based resources to augment computational capabilities of the plethora of resource-constraint mobile devices. In MCC, execution time and energy consumption are significantly improved by transferring execution of resource-intensive tasks such as image processing, 3D rendering, and voice recognition from the hosting mobile to the cloud-based resources. However, accessing and exploiting remote cloud-based resources is associated with numerous security and implications, including user authentication and authorization. User authentication in MCC is a critical requirement in securing cloud-based computations and communications. Despite its critical role, there is a gap for a comprehensive study of the authentication approaches in MCC which can provide a deep insight into the state-of-the-art research. This paper presents a comprehensive study of authentication methods in MCC to describe MCC authentication and compare it with that of cloud computing. The taxonomy of the state-of-the-art authentication methods is devised and the most credible efforts are critically reviewed. Moreover, we present a comparison of the state-of-the-art MCC authentication methods considering five evaluation metrics. The results suggest the need for futuristic authentication methods that are designed based on capabilities and limitations of MCC environment. Finally, the design factors deemed could lead to effective authentication mechanisms are presented, and open challenges are highlighted based on the weaknesses and strengths of existing authentication methods.

© 2015 Elsevier Ltd. All rights reserved.

Contents

1. Introduction and motivation
2. Authentication in mobile cloud computing
   2.1. Mobile cloud computing
   2.2. User authentication in mobile cloud computing
   2.3. MCC vs. cloud computing authentication
3. The state-of-the-art of authentication approaches in MCC: taxonomy
   3.1. Cloud-side authentication methods
      3.1.1. Identity-based authentication methods
      3.1.2. Context-based authentication methods
   3.2. User-side authentication methods
      3.2.1. Identity-based authentication methods
      3.2.2. Context-based authentication methods
   3.3. Evaluation criteria for authentication in MCC
      3.3.1. Usability
      3.3.2. Efficiency
      3.3.3. Security and robustness
      3.3.4. Privacy
      3.3.5. Adaptable to MCC environment
4. Prospective authentication algorithms in MCC
   4.1. Mobile device characteristics
   4.2. Usability preferences
   4.3. Security and privacy
   4.4. Mobility
   4.5. Support heterogeneity
   4.6. Adaptiveness
5. Open challenges
   5.1. Heterogeneous infrastructure
   5.2. Seamless handover
   5.3. Identity privacy
   5.4. Resource scheduling
6. Conclusions
Acknowledgement
References

* Corresponding author.
http://dx.doi.org/10.1016/j.jnca.2015.10.005
1084-8045/© 2015 Elsevier Ltd. All rights reserved.

1. Introduction and motivation

The mobile cloud computing (MCC) is “a rich mobile computing technology that leverages unified elastic resources of varied clouds and network technologies toward unrestricted functionality, storage, and mobility to serve a multitude of mobile devices anywhere, anytime through the channel of Ethernet or the Internet regardless of heterogeneous environments and platforms based on the pay-as-you-use principle.” (Sanaei et al., 2013). MCC incorporates cloud computing, mobile computing, and wireless networking and aims to provide cloud-based services to the mobile consumers (Abolfazli et al., 2014a; Fernando et al., 2013). In MCC, execution time and energy consumption are significantly improved by transferring execution of resource-intensive application from the hosting mobile to the cloud-based resources. Therefore, once MCC is fully deployed, the mobile devices do not require high resources, such as central processing unit (CPU), random access memory (RAM), storage, and particularly battery, because the entire data or complex computing are manipulated in the remote cloud-based resources (Ko et al., 2012; Abolfazli et al., 2012; Liu et al., 2015). MCC has emerged as a subset of cloud computing to enable intensive on-demand elastic computing and storage on the go to the potential mobile users. Mobile devices, particularly tablet personal computers, smart phones, and PDAs are becoming an integral part of today's lifestyle as they are convenient and effective communication endpoint. The swift development of mobile computing has become a forceful pattern in IT technology's development in commerce and related fields. According to Cisco visual networking index statistics (Cisco, 2014), the usage of smartphone and global mobile data traffic grew 50 and 81 percent in 2013, respectively. Nevertheless, performance and functionality of mobile devices are hindered by several limitations, particularly computing and storage resources (i.e., CPU, RAM), wireless communication throughput, battery life, local data safety, communication security, and mobility impeding development of the quality of service (Abolfazli et al., 2014a). The idea of remote computing and the process of augmenting mobile devices using remote cloud-based computing and storage resources is envisioned to overcome the inherent challenges and shortcomings in mobile computing (Aminzadeh et al., 2015). This is carried out by utilizing other resource providers besides the mobile device to host the delivery of resource-intensive mobile applications (Dinh et al., 2013; Alizadeh et al., 2013a,b).

Although MCC is proven to be advantageous in augmenting computational capabilities of mobile devices and conserving their native resources, leveraging remote resources introduces several challenges, including reliability, security, trust, and privacy (Khalil et al., 2014; Xuanxia et al., 2014; Khan et al., 2013a; Sood, 2012). Successful diffusion of cloud computing technology with mobile devices incites users' desires for efficient and also secure service delivery. Furthermore, in MCC environment, typical mobile devices communicate through the combination of heterogeneous wireless networks, which is more energy-intensive compared to wired communication. Hence, reducing mobile devices' resource consumption is an important and critical problem in delivering sustainable and long-lasting on-demand services to the end-users (Shon et al., 2014). Although mobile devices' resource poverty can be alleviated by cloud computing and cloud-based augmentation techniques (Abolfazli et al., 2014a), inadequate security management inhibits development and successful deployment of cloud-connected security-sensitive applications in broad areas, including health-care, financial services, and e-government services.

Researchers in several efforts (Yang et al., 2014; Li and Li, 2014; Si et al., 2014; Xia et al., 2014; Sookhak et al., 2014; Kaewpuang et al., 2013; Rahimi et al., 2013; Yang et al., 2013; Ma and Wang, 2012; Satyanarayanan et al., 2009; Ra et al., 2011) have studied varied aspects of MCC, including task outsourcing, heterogeneity, virtualization, energy saving, and remote auditing, aiming to enhance the MCC's performance and efficiency. However, security (as another crucial aspect of MCC), particularly authentication, is overlooked. The security challenges in MCC are twofold, namely cloud security and mobile network security because of the co-existence of cloud computing and mobile computing in MCC (Peng et al., 2014; Morrow, 2011; Zissis and Lekkas, 2012; Dijiang et al., 2011). One of the most important security issues for MCC users is authentication and authorization (Esposito and Ciampi, 2015; Yu and Wen, 2012; Riley et al., 2011). As an example, a lost or stolen mobile device could be abused to access a host and download sensitive data from the cloud. If a mobile user is registered with a particular cloud service provider, both mobile device and cloud server should authenticate each other in order to secure the communication when the mobile user accesses the cloud from different locations using heterogeneous networks and various mobile devices (Clarke et al., 2002).

Several studies (Xu et al., 2013; Wang et al., 2013; Noureddine and Bashroush, 2013; Ghazizadeh et al., 2014; Singh and Singh, 2012; Guo et al., 2012; Dinesha and Agrawal, 2012; Li et al., 2013; Zhi-Hua et al., 2012; Zhang et al., 2012; Yongqing and Xiang, 2012; Yassin et al., 2012; Wang and Jia, 2012; Sang-Ho et al., 2012; Ahn et al., 2011) have been conducted to propose suitable authentication schemes in cloud computing. However, authentication in MCC, as one of the most crucial security countermeasures, has not been studied yet. Moreover, several efforts have been undertaken to study varied aspects of the MCC. Khan et al. (2013a) evaluated and identified the security issues of the existing security schemes in MCC infrastructure. Furthermore, the security issues and challenges of MCC are discussed in Khan et al. (2013b,c), Popa et al. (2013), Jin et al. (2013), Kumar and Rajalakshmi (2013), Alizadeh and Wan (2013), Hui et al. (2013) and Shahzad and Hussain (2013) by surveying the current state of mobile cloud devices security vulnerabilities, and exploring the various possible solutions. However, authentication, as one of the most crucial security countermeasures, has not been studied yet. Therefore, we aim to fill the gap by conducting a comprehensive survey to assess and analyze various authentication schemes in MCC aiming to furnish an insightful view of the state-of-the-art of authentication methods in MCC.

The significance of applying appropriate authentication methods and also lack of suitable authentication mechanisms in MCC based on security and usability criteria motivates us to evaluate and analyze the state-of-the-art authentication approaches.

The main contributions of this paper are:

- We provide a description of MCC security challenges.
- Comprehensive survey of the state-of-the-art authentication methods in MCC is provided.
- Security and performance of authentication mechanisms are analyzed for MCC based on five critical metrics.
- We identify and discuss several important factors that could contribute to the successful development of future authentication methods for mobile devices in MCC environment.
- Several open challenges that ground future researches are discussed.

Authentication in MCC benefits communications and networking communities by providing a comprehensive insight into the domain so future wireless communication technologies and architectures can efficiently and effectively furnish cloud-based resources to the mobile users with high security and low footprint. Discussed evaluation criteria highlight effective factors as a guideline to design suitable authentication schemes, which can benefit the research community. The open challenges grant future research directions toward proposing a suitable authentication scheme that mitigates security issues in MCC. In this paper, the terms mobile devices and smartphones are used interchangeably with similar notion. Table 1 shows the list of acronyms used in the paper.

Table 1
List of acronyms and corresponding full forms.

| Acronym | Full form |
|---|---|
| 2D | 2 dimensional |
| 2G | 2nd generation |
| 3G | 3rd generation |
| 4G | 4th generation |
| AES | Advanced encryption standard |
| AS | Authentication server |
| CER | Crossover error rate |
| CPU | Central processing unit |
| FAR | False acceptance rate |
| FRR | False rejection rate |
| GPS | Global positioning system |
| IA | Integrated authentication |
| ID | Identifier |
| IMEI | International mobile station equipment identity |
| IMSI | International mobile subscriber identity |
| LTE | Long term evolution |
| MCC | Mobile cloud computing |
| MDA | Message digest algorithm |
| NFC | Near field communication |
| OTP | One-time pad |
| PDA | Personal digital assistant |
| PIN | Personal identification number |
| PRNG | Pseudorandom number generator |
| QR | Quick response |
| ROC | Relative operating characteristic |
| RSA | Rivest Shamir Adleman |
| SI | State identifier |
| SLA | Service-level agreement |
| SMS | Short message service |
| SNR | Signal to noise ratio |
| SSL | Secure socket layer |
| TCG | Trusted computing group |
| TLS | Transport layer security |
| TNC | Trusted network connect |
| TPA | Third party agent |
| TTP | Trusted third party |
| URI | Uniform resource identifier |
| VM | Virtual machine |
| WAN | Wide area network |
| Wi-Fi | Wireless fidelity |
| WiMAX | Worldwide interoperability for microwave access |
| WLAN | Wireless local area network |
| ZKP | Zero knowledge proof |

Section 2 provides a brief introduction to MCC and discusses the evaluation criteria to analyze authentication methods in this environment. Section 3 surveys the state-of-the-art authentication methods in MCC. In Section 4, the important factors that could benefit design and development of future MCC authentication methods are presented. The open challenges are discussed in Section 5. Finally, we conclude this study in Section 6.

2. Authentication in mobile cloud computing

In this section, we present a brief introduction over MCC from authentication point of view. In the first part, definition of MCC is presented based on the existing studies. We then describe possible MCC architectures and its different components. Furthermore, authentication in MCC is presented and the significant role of authentication in successful adoption of cloud-based mobile applications is highlighted.

2.1. Mobile cloud computing

In this part, some of the credible MCC definitions are provided to furnish the fundamental knowledge of this rapidly emerging computing phenomenon. MCC as the state-of-the-art mobile distributed computing technology incorporates three principal technologies, namely mobile computing (Imielinski and Korth, 1996), cloud computing (Mell and Grance, 2011), and wireless networking (Lei et al., 2013). Therefore, MCC can be defined as “a rich mobile computing technology that leverages unified elastic resources of varied clouds and network technologies towards unrestricted functionality, storage, and mobility to serve a multitude of mobile devices anywhere, anytime through the channel of Ethernet or the Internet regardless of heterogeneous environments and platforms based on the pay-as-you-use principle” (Sanaei et al., 2013).

In MCC, a shared pool of various configurable cloud-based computing resources is utilized to enhance and optimize mobile devices' computing capabilities such as executing resource-intensive applications. MCC has penetrated into a very large number of domains, and researchers are increasingly adopting cloud computing to augment mobile devices in critical domains, particularly health-care (An et al., 2014; Al-Zoube and Alqudah, 2014; Hoang and Chen, 2010; Doukas et al., 2010), education (Mahalingam and Rajan, 2013; Chen et al., 2013; Dong et al., 2012; Huang, 2011), remote monitoring (Xu et al., 2012; Zhang et al., 2014), tourist industry (Song et al., 2012; Pal and Henderson, 2013; Li et al., 2011), and transportation (Chandra et al., 2013).

On the other hand, MCC can also be referred to a mixture of cloud computing and mobile web, which are dominant preferred tools of mobile users when consuming Internet services and applications (Liu et al., 2010; Christensen, 2009). MCC services focus on furnishing varied cloud-based services, particularly computing and data storage to mobile users. Therefore, cloud-connected mobile users can perform infinite computing and data storage on demand.

Cloud resources are different for mobile users compared to immobile users. Immobile users consume computing and storage resources from the private or public cluster of virtualized servers, known as cloud data centers, mostly via wired connectivity. However, intrinsic and non-intrinsic limitations of mobile devices, including resource poverty, interruptible battery, and wireless communication (Abolfazli et al., 2014b) are obligating highly heterogeneous types of cloud-based resources (Sanaei et al., 2013) to fulfill varied computing requirements of mobile users in different occasions. Throughout the MCC efforts, four types of computing resources (known as cloud-based resources) are introduced, namely distant immobile clouds, proximate immobile computing entities, proximate mobile computing entities, and hybrid resources (Abolfazli et al., 2014a; Satyanarayanan et al., 2009). In the distant immobile cloud, the mobile user connects to the stationary cloud servers in distance through the risky channel of the Internet. Though the distant stationary cloud server such as the public cloud provides more secure enforcements, they are vulnerable to security breaches and crashes due to bulky volume of sensitive data such as Amazon EC2 crash (Cachin and Schunter, 2011). The second cloud-based resource type is the stationary computers that are located near the mobile nodes. These machines are available for the mobile device in public places such as airports, coffee shops, and malls, and can process resource-intensive parts of mobile applications. The security and privacy issues such as lack of strong security approaches, security infrastructure limitations, and insufficient maintenance, hinder utilization of such nearby resources (He et al., 2015a). Third resource type refers to the proximate mobile computing entities such as PDAs, Tablets, Laptops, wearable computers, and smartphones that provide resources to the other nearby mobile nodes. The security and privacy threats such as eavesdropping, denial-of-service, Trojans, malware, viruses, worms, and mobile loss, are the critical concerns in using these kinds of resources (He et al., 2015b; Louk et al., 2014; Allam et al., 2014; Mylonas et al., 2013; Wang et al., 2012). The last type is the hybrid infrastructures which are comprised of various kinds of distant and proximate computing machines.

The mobile devices are connected to the cloud-based resources dominantly through the risky channel of the Internet via the wireless medium, though Internet-free connection to nearby or private resources is also conceivable. Therefore, the remote computing and data transmission are completed in collaboration of mobile clients, cloud-based resources, and heterogeneous wireless technologies. According to the classification of cloud-based resources, four possible architectures depicted in Fig. 1, can be plausible for MCC.

Fig. 1. Four mobile cloud computing architecture models – (a) distant immobile clouds perform elastic computing, (b) proximate immobile computing entities near the user perform elastic computing, (c) proximate mobile computing entities in user vicinity perform elastic computing on behalf of user and (d) hybrid model converges varied types of cloud-based resources to perform elastic computing.

Each of the plausible MCC architectures has different security and privacy requirements depending on the type of cloud-based resources and wireless communication technology/medium. The security and privacy threats within different parts of MCC, including cloud resources (Xiao and Xiao, 2013), mobile devices (La Polla et al., 2013), and wireless networking make designing a secure framework more challenging. Though mobile devices have some resource limitations to perform complex cryptographic algorithms, the cloud resources can process resource-intensive algorithms instead of mobile devices.

In this research, the security issues as one of the important concerns in MCC are considered, and some proposed solutions are reviewed. The user authentication is highly important to protect networks from different security threats (Furnell et al., 2000, 2008; Clarke and Furnell, 2007; Simmons, 1988; Weiwei et al., 2011). Successful adoption of MCC highly necessitates robust and effective authentication solutions by which users can utilize the cloud-based services for their mobile devices anytime, anywhere, from any mobile device with low computing cost on the native resources. The MCC authentication is different from a typical mobile device because in MCC environment, the mobile device connects to the Internet to perform authentication. Furthermore, the resource-intensive parts of authentication mechanism can be transferred and processed in cloud servers using a suitable algorithm.

During the last few years, authentication for cloud computing has been investigated in several researches (Ghazizadeh et al., 2014; Xu et al., 2013; Wang et al., 2013; Noureddine and Bashroush, 2013; Singh and Singh, 2012; Guo et al., 2012; Dinesha and Agrawal, 2012; Chow et al., 2010; Li et al., 2013; Zhi-Hua et al., 2012; Zhang et al., 2012; Yongqing and Xiang, 2012; Yassin et al., 2012; Wang and Jia, 2012; Sang-Ho et al., 2012; Ruj et al., 2012); however, comprehensive study of MCC authentication, which is crucial in design and development of future authentication methods, is lacking and demands further efforts. The lack of secure and efficient authentication methods necessitates a vital need to conduct a comprehensive research to gain deep insight into the field. Different authentication methods aiming to improve the MCC security are analyzed in the following parts.

2.2. User authentication in mobile cloud computing

User authentication in MCC is the process of validating the identity of the mobile user to ensure that the user is legitimate to access mobile cloud resources (Schwab and Yang, 2013). Authentication as a critical aspect of security enforcement approaches in MCC is essential to protect users against existing security and privacy issues by preventing unauthorized access to the mobile cloud user information (Park et al., 2011; Zhu et al., 2009). The security and privacy issues of mobile cloud users are the main hurdles to the successful and rapid MCC deployment, which exist in three MCC components, namely cloud, wireless communication, and mobile device. Therefore, considering characteristics and computing limitations of mobile devices, effective and efficient MCC authentication solutions are expected to be lightweight with the least possible computing, memory, and storage overheads.

The aim of effective authentication solutions is to minimize the security threats to mobile devices. Discussion over the security and privacy threats in MCC is out of scope of this paper, and thus we only point out the most important threats and provide relevant references for interested readers. Some of the most important security threats to mobile users are information leakage, denial of service, malfunction of devices and theft or loss of the device (Park et al., 2011). Moreover, security threats found in mobile devices can manifest as attacks via the services offered through the wireless networks, including network profiling, information leakages by sniffing, session hijacking, and jamming (La Polla et al., 2013; Xiao and Xiao, 2013; Morshed et al., 2011; Zissis and Lekkas, 2012; Khan et al., 2013a). Furthermore, the potential threats in the cloud computing system, including denial of services, information leakages due to mismanagement, authentication threats and control of access with default applications (Jang et al., 2011), can be considered in MCC.

The differences between authentication in cloud computing environment and MCC are discussed in the following part.

2.3. MCC vs. cloud computing authentication

Authentication mechanisms in MCC are different from cloud computing in several ways. The capabilities and limitations of mobile devices introduce some challenges for designing effective and efficient authentication mechanisms. Some of the most important differences between authentication requirements and principles in MCC and cloud computing are described below.

- Resource limitations: Resource limitation among mobile devices refers to incapacitation in computational power, battery lifespan, and storage capacity in comparison to typical computers in cloud networks. Computational performance and functionalities of mobile devices are significantly hindered by such incapacitation. Consequently, most of the mobile devices are incapable of efficiently executing sophisticated resource-intensive encryption algorithms, for example, RSA algorithm with 2048 bits (Sheng and Gong, 2010). However, non-mobile cloud users are benefiting from plenty of local computational resources, high speed wired Internet connection, and continuous power source, which allow resource-intensive authentication algorithms without serious effect on user experience (Qureshi et al., 2011). Therefore, mobile devices require robust but lightweight authentication mechanisms that can ensure authenticity of users without draining local resources (Yang et al., 2010).
- Mobile device sensors: Mobile device sensors such as touch screen, gyroscope, accelerometer, camera, digital compass, and microphone give the researcher this opportunity to add other authentication factors, particularly to improve the level of security in MCC (Giuffrida et al., 2014; Lane et al., 2010; Jeong et al., 2013; Le et al., 2013). The authentication mechanisms can benefit from the various types of mobile device sensors, which can measure user's biometric attributes, such as fingerprint, and facial, retina, iris, voice, gait and keystroke patterns that are used as authentication factors (Omri et al., 2012; Al Rassan and AlShaher, 2014). Although the authentication methods in cloud computing can benefit from peripheral accessories and equipment on end-user computers, additional cost can create a hurdle. Besides the significant benefits of latest sensors, they introduce security breach points too that complicate designing authentication methods in MCC. For instance, researchers in Owusu et al. (2012) could unveil credentials of a user by decoding accelerometer sensor readings on smartphone when the user enters his/her credentials.
- High mobility: Mobility can originate latency due to WAN latency that is intensified by signal handoff in the presence of heterogeneous networks. The miniature nature and mobility of mobile devices can intensify chance of robbery and loss leading to high probability of user privacy and security violation in the absence of robust authentication solutions (Khalil et al., 2014). In addition, in contrast to static computers, the quality of connection to the Internet is not stable in MCC because of mobility of peers (Ardagna et al., 2014). Furthermore, fast authentication procedure is desired to protect seamless connectivity for mobile devices in roaming (Lingfeng and Hoang, 2013; Mansoor et al., 2015; Jana and Bandyopadhyay, 2013).
- Network heterogeneity: The mobile devices connect to Heterogeneous Network (HetNet) (Sanaei et al., 2013; Lei et al., 2013), which has various kinds of radio access such as Wi-Fi, WiMAX, 2G, 3G, 4G and LTE to accomplish the data traffic demand in MCC. In addition, a proper handoff scheme is critical for heterogeneous networks to have seamless connectivity and authentication plays a role in handoff procedure (Avelar et al., 2015; Bin et al., 2012; Chu et al., 2012). An authentication method must be designed based on security and performance requirements of each network technology that is a challenging part in MCC. In cloud computing environment, the user is typically immobile and authentication procedure can be done without using HetNet.

- Wired or wireless communication: The type of communication technology can be considered in designing security frameworks and risk evaluation schemes to (near) optimally fit authentication methods based on limitation and capabilities of communication technology. Typically, the wireless communication that is used to access cloud resources introduces some security and privacy issues in MCC compared to mostly used wired communications in cloud environment (Ardagna et al., 2014; Morshed et al., 2011). Moreover, the probability of failure of security protection such as authentication in MCC is potentially high due to inconsistency of wireless communications (Honggang et al., 2014). Besides, the user authentication procedure in cloud environment can be done through the wired network without connecting to various wireless networks, which makes designing the authentication mechanism less challenging compared to MCC environment.

The differences between MCC authentication and cloud computing that are recommended to be considered to propose a suitable authentication mechanism are summarized in Table 2.

Table 2
MCC and cloud authentication comparison.

| Metrics | MCC | Cloud computing |
|---|---|---|
| Resource limitations | | N/A |
| Mobile device features | √ | N/A |
| High mobility | | N/A |
| Network heterogeneity | | |
| Wired or wireless communication | | N/A |

( ) – challenge, (√) – opportunity and (N/A) – not effective.

3. The state-of-the-art of authentication approaches in MCC: taxonomy

In this section, we comprehensively analyze various methods based on the type of authentication components used in authentication procedure. We classify authentication methods into two main categories, namely, cloud-side and user-side authentication approaches. Each category is again divided into two sub-categories based on types of authentication credentials. The credential is defined as a unique identifier that can be used for node authentication. There are two types of credentials based on this classification, namely, identity-based and context-based credentials (Aboudagga et al., 2005). Figure 2 illustrates our devised taxonomy of authentication in MCC which is described as follows.

3.1. Cloud-side authentication methods

In cloud-side authentication approaches, most of the authentication steps are processed in the cloud server. The cloud resources bring some advantages to improve the performance of authentication method by providing elastic processing and storage capabilities. Furthermore, different kinds of authentication factors can be incorporated to authentication procedure based on security requirements of the user. In addition, the cloud-based authentication methods are more flexible, efficient, and adjustable compared to other authentication methods because of using unlimited resources of cloud servers.

Although the cloud-based authentication introduces some benefits in case of performance and usability, it introduces some security and privacy issues. In the era that mobile users are consuming cloud services from the plethora of different cloud vendors who store user's data on multiple instances around the globe (redundant data for data safety), the user's private authentication information such as and biometrics are highly exposed to risk (Rahul and Sharda, 2013). Therefore, robust authentication method is a critical requirement for mobile-cloud environment. We further classify cloud-side authentication methods into two groups of identity-based and context-based that are explained as follows.

3.1.1. Identity-based authentication methods

In identity-based authentication methods, users are authenticated through user identification attributes such as unique ID, password, and (seldom) biometrics. However, the user attributes are usually fixed (users try to simplify the authentication process by selecting similar user names and passwords for varied vendors) in this kind of authentication, which introduces some issues such as exposing private biometrics information and user ID to different service providers leading to weakening their authentication power (Zhi-Hua et al., 2012). Consider a particular user who is maintaining identical user names and passwords for multiple services such as Gmail, YouTube, and Facebook. If security of one of these servers is compromised, all other accounts are at risk due to similarity of the credentials. The authenticator entity checks the user attributes directly without extra analyzing indirect procedures such as the user behavioral analysis. The authentication provider is the responsible entity for and performing primary user authentication.

Below we critically review some of the most credible identity-based authentication methods.

Multifactor-based authentication: Jeong et al. (2013) proposed a multi-factor authentication method for MCC. Different authentication features such as basic ID/password, mobile identification number, and various bio-information of user are combined to preserve security. This method enhanced authentication efficiency and performance by processing these authentication factors in bulk not one by one in mobile cloud environment.

Proposed architecture comprises four main entities, including mobile devices, storage, a management server, and a cluster host. The authors assumed that Transport Layer Security (TLS) protocol/Secure Sockets Layer (SSL) is utilized for communications between the authentication system and wireless access points. The task of each entity is applied according to the multi-factor authentication architecture, and the five employed authentication parameters are used to authenticate the mobile users, including: (1) ID/password, (2) international mobile equipment identity (IMEI), (3) international mobile subscriber identity (IMSI), (4) voice recognition, (5) face recognition. The cluster host distributes these five parameters to individual VMs to improve performance of the authentication process. The management server manages the load balancing on the VMs in the clustered host. To protect the user in case of mobile device loss and theft, IMEIs and IMSIs are used. All the user authentication information are stored in the storage. It is worth noticing that the provided hash function encrypts IMSI and IMEI to prevent exposure of these two private IDs. The details of this architecture are described in Fig. 3.

The procedure of this authentication method is similar to normal multi-factor authentication methods that use biometrics with other factors together; however the authors designed a method to be more fit to MCC as they utilized processing capacity of VMs in MCC environment. The individual VMs process each factor of authentication simultaneously to reduce the time of an authentication procedure.

Although this method improved the performance of authentication compared to other methods in this area, the privacy issues of using biometrics factors are neglected in security and privacy evaluation. The bio-information are very sensitive data that are

State-of-the-art MCC Authentication

Cloud-side User-side

Identity-based Context-based Identity-based Context-based

FDZ [94] TrustCube [92] Multi-factors [103] Cloud-based Biometric [105] QR code-based [119] SMCBA [106]

MDA [117] SeDiCi 2.0 [120] NemoAuth [104]

Fig. 2. Taxonomy of the state-of-the-art authentication in MCC.

recommended to be confidential and appropriate encryption algorithms can be applied to preserve the confidentiality of data. Another security issue that is being ignored in this method is mutual authentication between mobile users and MCC server. The user can check authenticity of the MCC servers to prevent different attacks such as man-in-the-middle, where an attacker can monitor or alter communication messages, and masquerading attack, which means an attacker impersonates either user or authenticator. The authors could, however, fit the devised authentication method into MCC domain by utilizing the processing power of the cloud server to improve authentication performance.

Fig. 3. The multi-factor authentication architecture. [Diagram labels: Smartphone, Wireless AP, L2 Switch, Management Server, Hash, Cluster Host with VM1, VM2, ..., VMn, and Storage holding ID/PW, IMEI, IMSI, Face, Voice, Log; the authentication inputs shown are ID/PW, Face Recognition, Voice Recognition and IMEI.]

Message digest authentication: Dey et al. (2013) proposed an authentication scheme using message digest (MD) called MDA. This method is designed based on existing mobile device hardware and platforms to protect mobile user against different potential security attacks. The vulnerability of the system is computed by vulnerability score, $S_v$, which is a measure of the number of attacks that the method can prevent. The $S_v$ is calculated according to the following equation:

\[ S_v = \frac{N_{success}}{N} \qquad (1) \]

where $N$ is the number of attacks that are launched on the authentication method, and $N_{success}$ is the number of recorded successful attacks. The amount of $S_v$ is between 0.0 and 1.0. Mutual authentication is an important security countermeasure that is considered in this method. The procedure of this method includes two phases; in the first phase, cloud server checks mobile user authentication and subsequently the mobile device verifies authenticity of the cloud in the second phase. First, the mobile device sends the authentication request to the cloud server as shown in Fig. 4.

As Fig. 4 shows, the user has two message digests, MDcloud and MDuser, that are used to create MD. The password is hashed and XORed by user ID, to protect user from an attacker during authentication. The Pseudo Random Number Generator (PRNG) is an algorithm to generate random number using seed and State Identifier (SI). The mobile node sends $\#CF \,\|\, E_{T_k}\{E_{auth\_key_i}\{MD\} \,\|\, SI\}$ to the cloud server. In this message, #CF is a column reference of stored mobile user and $E_{auth\_key_i}$ is the nth sequence of bits, which are generated by PRNG. The $E_{T_k}$ is calculated by XOR-ing hashed user password and userID.

The cloud server checks user authentication after receiving mobile device authentication request message. The procedure of this phase is shown in Fig. 5.

Firstly, the cloud server checks #CF, to find userID and hashed password. Then, it generates Tk to decrypt the received message from the mobile device. After decrypting the message, the cloud server obtains MD, and compares both message digests to check user authenticity. The authenticity of the mobile device is verified only if the MD and MD* messages match. Once the mobile user is authenticated to the cloud server, the procedure of cloud server authentication will be initiated. The cloud server sends its digital signature that is encrypted by its private key, Pkpriv_cloud, to the

mobile device. The mobile device decrypts the cloud server message to check the authenticity of the cloud server. If the MD matches with mobile device MD, then the cloud server is authenticated. The details of the procedure are shown in Fig. 6.

Fig. 4. The procedure of the authentication request message in MDA method.

Fig. 5. The mobile device authentication procedure in MDA. [Decision label: if MD* matches MD, then user is legitimate.]

Fig. 6. The cloud server authentication procedure in MDA. [Decision label: if MD* matches MD, then the cloud is legitimate.]

In MDA method, a secure authentication scheme based on message digest is proposed. Furthermore, most of security and privacy criteria that must be achieved to propose a suitable authentication algorithm are applied. One of the important security criteria is mutual authentication that is achieved in this method by authenticating both mobile device and the cloud server together. Furthermore, user privacy is preserved by hashing userID and Password. Although the security and privacy of this method are protected compared to other methods, the procedure of this authentication scheme is somewhat complicated. Additionally, it is recommended to transfer some processing steps that are processed in the mobile device to the cloud server to improve the performance of the scheme; however, doing such kind of improvement will be more complicated.

3.1.2. Context-based authentication methods

In context-based methods, the users are authenticated by analyzing multiple passive user information such as IP address, device location, user biometrics, signal to noise ratio, and behavioral features of users (Aboudagga et al., 2005). The context-based methods are more autonomous compared to the identity-based method because the authentication procedure is completed with the minimal user interaction. However, although the usability of authentication mechanism can be improved by reducing user involvement during the authentication procedure, the accuracy of context-based method is lower than identity-based methods because authentication procedure depends on the accuracy of the result of analyzing user pattern information. Furthermore, analyzing the MCC user private information such as location, biometrics, calling pattern, and web searching pattern, which can be used to improve the accuracy of context-based method, increases the privacy issue. In contrast to the accuracy and privacy issues, context-based methods can get some benefits from the various smartphone capabilities in MCC environment for both capturing required user information and processing the retrieved data to improve accuracy.

Cloud-ready biometric: Omri et al. (2012) proposed to use user handwriting as an authentication factor to access the cloud securely. The mobile user writes his password manually using his smartphone touch screen and sends the image to cloud server to check the validity of password. There are two criteria to check authentication of users: the first is the unique handwriting of the user and the second is the password. In the proposed method, the connection between the cloud and the mobile phone is established by a Hadoop server. The architecture of the system is described in Fig. 7.

Fig. 7. Handwriting-based recognition system for MCC. [Diagram labels: Smartphone, Cloud Server, Encryption, Decryption, Image Processing; sample handwritten input "3456".]

The uniqueness of biometrics features is beneficial in improving the security of different authentication methods; however, some usability and privacy issues arise from using these features. Unlike usual methods, some biometrics such as fingerprint and iris, which are more confidential, are advised not to be used as authentication credentials to preserve user privacy. Moreover, the privacy risk for handwriting is lower than other biometrics; however, the accuracy of using handwriting is low as well. It is recommended that low accuracy authentication metrics such as handwriting can be applied to other methods such as using ID and Password together; if handwriting authentication fails, the system can ask for other methods. Furthermore, MCC capabilities are not considered to improve performance of the method, and the mobile phone should process resource-intensive handwriting image encrypting. Additionally, some other security enforcements such as mutual authentication and anonymity can be considered to make authentication method more secure against different attacks.

3.2. User-side authentication methods

In user-side authentication methods, most of the authentication steps are processed in mobile devices. In recent years, the mobile devices' functionalities have been improved rapidly, hence these mobile devices are capable of running resource-intensive applications. Furthermore, the mobile devices are equipped with high-technology sensors that can be used to capture and analyze different inputs. In the user-side methods, these capabilities of mobile devices are utilized to check authenticity of mobile users.

Compared to the conventional PCs, smartphones are able to use a network through several paths and remain connected all the time. However, this also presents huge threats to users of smartphones. Additionally, there is the serious issue in case of losing or misplacing the mobile device, which means the loss of valuable user confidential information (Park et al., 2011).

Transferring resource-intensive processing tasks to the cloud as one of the main MCC goals contrasts with the processing of the authentication mechanism inside the mobile devices in user-side authentication methods, which makes the user-side approaches less efficient and secure for cloud-connected mobile devices compared to cloud-side methods. Furthermore, most of the required information for authentication is stored in the mobile device in user-side authentication methods, which increases the user privacy risk in case of device robbery or loss.

3.2.1. Identity-based authentication methods

Similar to identity-based methods in cloud-side, these authentication methods use user identities; however, the mobile device processes and analyzes user attributes to check user authentication instead of cloud servers. The private user identities such as biometrics are stored locally in the mobile device during authentication procedure in user-side identity-based authentication mechanisms, which increases the privacy issues, especially in case of a lost or stolen mobile device.

Fuzzy vault, digital signature, and zero-knowledge combination: Schwab and Yang (2013) proposed an authentication scheme called FDZ to authenticate mobile device in cloud computing environment. In this method, entity authentication for mobile device's user who wants to connect to the cloud server is provided. This proposed method is based on zero-knowledge authentication, digital signature, and fuzzy vault. Firstly, the secure encrypted channel between the mobile device and the server is created, then entity authentication will be processed. The authors used Diffie–Hellman key exchange protocol to create a shared Advanced Encryption Standard (AES) session key. In addition, RSA key pairs are used to protect the Diffie–Hellman key exchange against attacks, especially man-in-the-middle attack, and fuzzy passwords are used to avoid some drawbacks of traditional password. This approach is resistant to some of the popular security threats and attacks such as impersonation, loss of device, man-in-the-middle, and replay attacks. Asymmetric RSA key pairs and a fuzzy picture password system are used respectively to authenticate the client and mobile device's user by the server. Finally, a secure encrypted channel between mobile devices and the cloud servers is created using Diffie–Hellman (DH) key exchange, after completing authentication steps. The different steps of proposed method are shown in Fig. 8.

In this method, Diffie–Hellman key exchange protocol is used to provide key management between server and the client. The difficulty of the discrete logarithm problem makes this key exchange protocol more secure (Forouzan, 2008). It is assumed that an attacker can easily sniff R1 and R2; even in this case, finding x and y is computationally difficult. There is no existing solution to solve the discrete logarithm problem since the Diffie–Hellman protocol was introduced. The authors proposed to choose more than 300 decimal digits for the prime p, and not to reuse x and y values. Furthermore, this prime p should be selected in the way that (p − 1) has at least one prime factor, which must be greater than 60 digits. One of the attacks against Diffie–Hellman protocol is a man-in-the-middle attack; however, in this scheme, RSA keys are used for digital signatures to protect the protocol against this attack. The proposed protocol provides encryption services using AES, which uses large key sizes such as 128, 192, or 256 bits to prevent a brute force attack.

As analyzing authentication approaches is the main goal of this paper, we focus on the authentication part of this method. For authentication, fuzzy password system is applied, where the mobile user can select seven images among provided images. If the user selects five images correctly, he will be granted access to server resources; in other cases, the server will reject the authentication request. The encryption system is provided using the AES encryption algorithm that is a secure encryption algorithm against brute force attack.

Although the proposed method uses some security algorithms that make the method more secure against various threats, it has some drawbacks. First of all, the details of the graphical password system are not specified, which makes security analysis more difficult. Moreover, the proposed graphical password is not secure

enough, hence more secure graphical password can be proposed to improve the security of authentication part. Additionally, the method needs more computing power to process different steps of this authentication method. Various algorithms such as RSA key exchange, AES encryption, and Diffie–Hellman key exchange are used in this approach, which need more computational resources.

Fig. 8. Entity authentication protocol. [Sequence diagram between Android (Client) and Amazon Cloud (Server) in six numbered steps: calculation of R1 = g^x mod p and R2 = g^y mod p, calculation of the session key K, signing of R1 and R2 with RSA private keys, encryption with K, and verification of the Android and cloud signatures. Legend: K = AES session key, RSA = asymmetric key, - = private value.]
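The parameter requirements quoted above for the FDZ key exchange (a prime p of more than 300 decimal digits, a prime factor of p − 1 longer than 60 digits, x and y never reused) can be checked mechanically before any R1 or R2 is accepted. The following is an added example, not code from Schwab and Yang or from this survey: the function and class names, the p = 2kq + 1 construction, the subgroup check on received values and the SHA-256 key derivation are assumptions made for the illustration, and the RSA signatures over R1 and R2 are left out.

```python
import hashlib
import secrets

MIN_P_DIGITS = 301  # survey: prime p of "more than 300 decimal" digits
MIN_Q_DIGITS = 61   # survey: p - 1 has a prime factor "greater than 60 digits"
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test, preceded by trial division by a few small primes."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_group(p_bits=1024, q_bits=208):
    """Build p = 2*k*q + 1 with q prime, and g generating the order-q subgroup."""
    while True:
        q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    k_bits = p_bits - q_bits - 1
    while True:
        k = secrets.randbits(k_bits) | (1 << (k_bits - 1))
        p = 2 * k * q + 1
        if is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 3) + 2, (p - 1) // q, p)
        if g != 1:
            return p, q, g


def group_problems(p, q, g):
    """Return the list of requirement violations; an empty list means acceptable."""
    problems = []
    if len(str(p)) < MIN_P_DIGITS:
        problems.append("p is shorter than 301 decimal digits")
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if len(str(q)) < MIN_Q_DIGITS:
        problems.append("q is shorter than 61 decimal digits")
    if not is_probable_prime(q) or (p - 1) % q != 0:
        problems.append("q is not a prime factor of p - 1")
    if not (1 < g < p - 1) or pow(g, q, p) != 1:
        problems.append("g does not generate the order-q subgroup")
    return problems


def public_value_ok(r, p, q):
    """Reject 0, 1, p - 1 and anything outside the order-q subgroup."""
    return 1 < r < p - 1 and pow(r, q, p) == 1


class Party:
    """One side of the exchange; its private value (x or y) is used once."""

    def __init__(self, p, q, g):
        self.p, self.q = p, q
        self._secret = secrets.randbelow(q - 1) + 1  # fresh x or y per session
        self.public = pow(g, self._secret, p)        # R1 or R2

    def session_key(self, peer_public):
        if self._secret is None:
            raise RuntimeError("private value already used; start a new session")
        if not public_value_ok(peer_public, self.p, self.q):
            raise ValueError("peer public value failed validation")
        shared = pow(peer_public, self._secret, self.p)
        self._secret = None                          # x and y are never reused
        raw = shared.to_bytes((self.p.bit_length() + 7) // 8, "big")
        return hashlib.sha256(raw).digest()          # 32 bytes, an AES-256 key size


if __name__ == "__main__":
    p, q, g = generate_group()
    print("group problems:", group_problems(p, q, g))
    client, server = Party(p, q, g), Party(p, q, g)
    k_client = client.session_key(server.public)
    k_server = server.session_key(client.public)
    print("keys match:", k_client == k_server)
    print("toy group (p=23, q=11, g=2):", group_problems(23, 11, 2))
```

Without the signature step the exchange is unauthenticated, so the checks above constrain the group and the received values but do not identify the peer.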

QR code-based: According to Oh et al. (2011), the QR code, which is typically a 2-dimensional (2D) code, can be used for the authentication scheme in the MCC. "Quick Response" or QR is a form of the matrix that allows quick decoding, utilizing a form of mass storage of high density, and uses the Reed–Solomon error correction. Typically, the IDs and passwords, certificates of authentication, and One-Time Password (OTP), which are the most common authentication methods, increase the network traffic even if it is only a one-time process of user authentication. In QR code-based scheme, users are able to authorize a whole new set of information in contrast to information using a new form of data that has three types of QR code by changing the user's information to three different versions of QR code and keeping all the QR codes in a distributed format in the cloud server in circulated method. This method would be appropriate to show the necessary information for authentication of the user via its strong points such as compressibility, error correction capability, and high data integration.

The image, ID, and password of mobile user are converted to QR code to implement this kind of code. After creating this code, QR will be stored in one divided cell, which is shaped as a grid, and it will be used as an authentication certification for using different services of cloud servers as shown in Fig. 9.

Fig. 9. The grid shaped QR Code for storing distributed server storage. [Diagram labels: Circulation Loop Method, Sequential Save.]

This protocol uses fuzzy password system using the similar method used by Schwab and Yang (2013) to authenticate the mobile user. Fuzzy password is a usable method for authentication because it reduces the difficulty of remembering a password with enough length and randomness of password. The user can select seven images for getting access to the server, and if he chooses five images out of seven images correctly, he will be granted access to the resources. Each image is defined as a number between 1 and 255 by the system, which makes $255^7$ possible combinations of password.

The protocol is resistant to different attacks such as man-in-the-middle, replay, and sniffing attacks. For protecting system against man-in-the-middle, both client and server use digital signature, then send information for both party authentication. Replay attack is impossible because the Diffie–Hellman key exchange generates a secure channel randomly. Sniffing attack is avoided using a temporary session key, which encrypts the exchanged data between the server and the client. Finally, using a visual password for user authentication makes the protocol resistant to impersonation attack.

In Oh et al.'s method (Oh et al., 2011), the network traffic is reduced by utilizing QR codes as an authentication system in mobile cloud environment. The evaluation of security of this method is difficult because the details of the proposed authentication method are not provided.

SeDiCi 2.0: Grzonkowski et al. (2011) proposed the SeDiCi 2.0 protocol, which is another form of Zero Knowledge Proof (ZKP) technique. This technique provides mutual authentications, which are supposed to be more secure when it comes to phishing attack as compared to the present system of using third party protocols. SeDiCi 2.0 (Grzonkowski, 2010) is part of the protocol known as the TTP (Third Trusted Party) protocol, which uses the ZKP technique. The main goal is to provide an improved solution for

phishing attempts by offering mutual authentication, where users do not have to disclose their passwords at each of the websites that they visit. The user runs his authentication on the browser, whose domain is controlled by the Third Trusted Party (TTP), and can log in to the system if the name of a service is on the trusted list. Fig. 10 shows the different steps of SeDiCi 2.0 authentication protocol. There are three parties that are participating in the protocol, including Service (S), Authentication Service (AS), and Client (C).

Fig. 10. SeDiCi 2.0 authentication protocol.

The client communicates with both authentication and consumer services to start authentication procedure. The same policy of typical web-browsers is applied in the case of using web-based applications. In SeDiCi 2.0 protocol, a plug-in-based implementation is utilized to allow the application to bypass the browsers' policy. The URI or other identifiers is required to find user location. The URI has two useful characteristics; it contains authentication service and user name, and it is also globally unique. Furthermore, the users are required to have control over the authentication domain, which can be considered as a second factor for authentication (Adida, 2007). The user never types password at his visited websites, which is the only revealed information in login step. On the other hand, if malicious servers obtain the login information, the adversary will attack the user. One of the SeDiCi 2.0 protocol advantages is that the physical token is not required. Nonetheless, a plug-in is required in the case of utilizing the user browser, which overwrites the standard websites' security mechanisms because a web-browser communicates with external services in this way.

3.2.2. Context-based authentication methods

The context-based methods in the user-side analyze user behavior features, similar to the cloud-side methods. The only difference between cloud-side and user-side context-based authentication method is that the mobile device processes and evaluates user information instead of cloud server.

Typically, a context-based authentication mechanism needs more computation power compared to the identity-based methods, and processing these kinds of resource-intensive mechanisms by mobile devices introduces performance issues due to resource limitations of mobile devices. Therefore, context-based user-side authentication methods are less appropriate in MCC compared to cloud-based methods. Furthermore, in context-based methods, various kinds of users' sensitive information are stored inside smartphones, which increases the user privacy risk due to device loss compared to more reliable cloud environment.

TrustCube: Chow et al. (2010) proposed an extended version of their previous authentication method known as TrustCube (Song et al., 2009) by integrating the implicit authentication (Shi et al., 2011) to perform mobile client authentication (both the initial method and extended method feature common name of TrustCube). TrustCube is a cloud-based authentication solution that is policy-based and utilizes an open standard. It also supports the combination of different authentication methods for the sake of robustness and adaptability. The policy-based authentication has several unique advantages such as the utilization of policies that are user-specific and finely grained, which can be immediately updated according to users' preferences. In addition, TrustCube uses a framework with federated authentication, more similar to the OpenID; the algorithms of the implicit authentication are not specified, and the top-level system description is provided. This system is developed with an implicit authentication, which utilizes mobile data such as SMS messages, calling logs, location, and website accesses, in the current mobile environment. The mobile device constraints in input requirements make using complicated passwords more difficult, and this leads to selecting short passwords and PINs, which have higher rates of security risks.

TrustCube supports a broad range of policies, including the platform, device's runtime environment, and user. The author called this method TrustCube because of using the wide range of policies. Fig. 11 shows the architecture of this framework.

In TrustCube scheme, the Trusted Network Connect (TNC) protocol is used for authentication between the authentication server and the smartphone; the OpenID protocol is used to redirect service requests to the integrated authentication service. Android is used for developing client agent because it can run a background monitoring service, and this ability is critical for data collection of implicit authentication.

After receiving the mobile client's request by the web server, the request details are redirected to the integrated authenticated (IA) service. Subsequently, the IA retrieves the policy for each access request, and then sends it to the client device after extracting the needed information through the trusted network. The client device generates the report, and sends it back to IA server. Finally, the authentication roles are applied, and authentication results are determined by the IA, and the authentication result will be sent to the web server.

The usage patterns of users, including the calling pattern, SMS activity, website access, and location, need to be stored during the implicit authentication method; however, it leads to privacy issues for the users; the problem can be solved using a suitable encryption method. The proposed system is compatible with different authentication methods from passwords to TCG-style integrity measurements. Furthermore, the proposed system can support cloud-oriented authentication methods because of its flexibility.

Securing mobile cloud computing using biometric authentication (SMCBA): In 2014, Al Rassan and AlShaher (2014) proposed an authentication algorithm based on fingerprint. In this method, the fingerprint image is captured by existing mobile device camera, which does not need to implement sensors in the mobile device. The whole process of capturing and matching fingerprint is hosted on the cloud server to take all benefits from cloud. The main idea of this method is similar to other normal finger recognition methods that use mobile device camera to capture fingerprint. The procedure of this method is described in Fig. 12.

The procedure is initiated with capturing the fingerprint image to be processed on the cloud server. After capturing, pre-processing is applied to convert the RGB image to a gray-scale image, and other steps such as reducing the blur effect, ridge enhancement, and segmentation are completed. This pre-processed image is sent to the feature extraction phase, and in the final phase, the server checks the similarity of the extracted features to the stored information of the user fingerprint.

The privacy issues of using biometrics introduce the requirement of applying privacy-preserving approaches. In a similar situation, some cryptographic algorithms should be applied to the captured image by the mobile device before sending it to the cloud server; however, the fingerprint image is sent in plain text in this method. Furthermore, the details of utilizing MCC processing and storage resources are not clearly explained in this approach, and a fit utilization framework for MCC is advised to be designed. In other words, the adaptability to MCC is not clearly defined in this method. In addition, the accuracy of a fingerprint that is captured by the mobile device camera is lower than when using sensors to capture the fingerprint images; therefore, it is recommended to add other authentication factors such as ID and password to this method.

Fig. 11. The TrustCube architecture. (Diagram labels: Integrated Authentication Service, Policy Engine, TNC Server, Database; Implicit Authentication Service, IA Engine, Database; Web Server; Mobile Client.)

NemoAuth: Le et al. (2013) proposed an authentication method called NemoAuth based on the mnemonic multimodal approach. NemoAuth utilizes different mobile device sensors such as gyroscopic, gravity, orientation, proximity, pressure, ambient light, temperature, touch screen, and moisture sensors as well as other facilities such as microphone and camera to measure and extract the biometric features of the mobile device user. In general, the dynamic knowledge and biometric based approaches are combined to improve the accuracy of the authentication method in NemoAuth.

The procedure of NemoAuth is similar to biometric based methods that predefine and train the user's signature profile during the system setup step. The user's signature includes a set of multimodal signatures, and each signature is composed of a set of mnemonic and atomic motions. The atomic actions that associate with the mnemonics help users to memorize the secret keys more conveniently. There are varied types of atomic actions that can be utilized according to the types of mobile device sensors. As an example, the set of atomic actions for the touch screen can be tap, line, hold, circle, and cross, and a mobile user can use a fingertip to tap at a specific position or hold the fingertip for a certain duration on the mobile screen that shows the mnemonic image. Fig. 13 shows an example of using a mnemonic image to ease atomic actions, that is, tap or hold a determined position of the mobile screen. In Fig. 13, the mnemonic image is composed of 16 elements, and each element is located at a determined position of the mobile screen. There is no need to remember the position of the image that the user wants to tap or hold for a certain duration of time, because the user can just remember the memorized elements of the mnemonic image. Furthermore, the user can select a desirable signature profile according to the preferable level of security and usability. In addition, each signature profile consists of a set of duples that show the kind of authentication method and the trigger time. The user can set the signature profile to use different authentication methods in different periods of the day; for example, the mobile device can automatically enable voice signature during non-bed time and GPS authentication at home.

The main objective of NemoAuth is to utilize different capabilities of the mobile device to improve the usability of authentication by using mnemonic images. Although this method simplifies remembering a password for users and provides different options according to mobile device capacities, the performance and accuracy of authentication are in question because the performance metrics such as False-Acceptance Rate (FAR), False-Rejection Rate (FRR), Relative Operating Characteristic (ROC), and Crossover Error Rate (CER) are not evaluated in this study. Furthermore, applying a multi-modal method needs enough processing and storage power that can be provided by the cloud server; however, the framework to transfer these intensive processing steps is not provided. A suitable algorithm to transfer intensive processing phases to the cloud can be designed to improve performance.
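The error rates named above, worked through as an added example (it is not part of the surveyed paper or of NemoAuth): FAR and FRR at a threshold, the ROC points, the crossover error rate, and the threshold that a target FAR forces. The match scores are constructed and the function names are hypothetical.

```python
from typing import List, Sequence, Tuple

# Constructed match scores (0-100, higher = closer to the enrolled template).
GENUINE = [91, 85, 78, 88, 67, 95, 72, 81, 59, 90]    # attempts by the enrolled user
IMPOSTOR = [12, 35, 48, 22, 61, 30, 55, 18, 70, 41]   # attempts by other people


def far(impostor: Sequence[int], threshold: int) -> float:
    """False-Acceptance Rate: share of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine: Sequence[int], threshold: int) -> float:
    """False-Rejection Rate: share of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def roc(genuine: Sequence[int], impostor: Sequence[int]) -> List[Tuple[int, float, float]]:
    """(threshold, FAR, true-accept rate) for every integer threshold 0..100."""
    return [(t, far(impostor, t), 1.0 - frr(genuine, t)) for t in range(101)]


def crossover(genuine: Sequence[int], impostor: Sequence[int]) -> Tuple[int, float, float]:
    """Lowest threshold where |FAR - FRR| is smallest; the rate there is the CER."""
    best = min(range(101), key=lambda t: (abs(far(impostor, t) - frr(genuine, t)), t))
    return best, far(impostor, best), frr(genuine, best)


def threshold_for_far(genuine: Sequence[int], impostor: Sequence[int],
                      max_far: float) -> Tuple[int, float, float]:
    """Lowest threshold whose FAR does not exceed max_far, with the FRR it costs."""
    for t in range(101):
        if far(impostor, t) <= max_far:
            return t, far(impostor, t), frr(genuine, t)
    raise ValueError("no threshold in 0..100 meets the requested FAR")


if __name__ == "__main__":
    t, fa, fr = crossover(GENUINE, IMPOSTOR)
    print(f"crossover at threshold {t}: FAR={fa:.2f} FRR={fr:.2f}")
    t, fa, fr = threshold_for_far(GENUINE, IMPOSTOR, 0.0)
    print(f"zero-FAR operating point at threshold {t}: FRR={fr:.2f}")
```

Tightening the threshold until no constructed impostor is accepted doubles the rejection rate for the genuine user, which is the security/usability trade-off an evaluation of a scheme like this would need to report.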

3.3. Evaluation criteria for authentication in MCC

Fig. 12. Fingerprint recognition procedure in MCC. (Flowchart labels: Fingerprint Image, Pre-processing Image, Core-point Detection, Feature Extraction, Enrolment, Matching, Database, No / Yes, User is Accepted.)

In this section, the criteria that are used to evaluate authentication schemes in MCC are discussed. We focus on five critical criteria: usability, efficiency, security and robustness, privacy, and adaptability to the MCC environment. Furthermore, each criterion is defined based on different sub-criteria for precise evaluation. The authentication methods presented in this survey are evaluated based on the criteria explained as follows.

3.3.1. Usability

Usability in authentication refers to “the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use” (ISO, 1998). Accordingly, several criteria are introduced to evaluate the usability of existing authentication schemes such as effortless memorization, fine-grained protection, and easy-to-learn (Crawford et al., 2013; Braz and Robert, 2006; Bonneau et al., 2012). Effortless memorization means that there is no need to remember any secrets, and making the procedure of authentication clear and easy for users means the authentication method is easy-to-learn. In addition, the security level of the authentication procedure is tunable based on the user's preferences in fine-grained protection. Usability, as one of the most important criteria of authentication, can be preserved to increase the acceptance rate of a method by end-users. Interaction in MCC authentication is performed through mobile devices, which have some limitations such as the small size of the screen and the small keyboard that introduce some difficulties for users to input the required information to complete the authentication procedure. The usability limitations and benefits of existing authentication methods are summarized in Table 3.

Fig. 13. An example of atomic action using mnemonic image. (Figure labels: Mnemonic Image, Fingertip.)

3.3.2. Efficiency

Efficiency in MCC authentication is achieved when the provision of the authentication service does not require too many resources (Lopez et al., 2004; Abolfazli et al., 2013). In the mobile cloud environment, the mobile device accesses cloud resources; however, some parts of the authentication protocol are processed in the mobile device. Furthermore, transferring the most resource-consuming parts of the authentication protocol to the cloud server by designing a proper method can improve the efficiency of the authentication procedure. The efficiency of each method is discussed in Table 4.
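An added example (not from the paper) of the placement decision this paragraph calls for, applied to the fingerprint pipeline stages of Fig. 12: how many stages to run on the device before handing over to the cloud. The energy model (CPU, radio and idle power multiplied by duration) and every number in it are assumptions chosen for illustration; all names are hypothetical.

```python
from dataclasses import dataclass
from typing import Sequence, Tuple


@dataclass(frozen=True)
class Stage:
    name: str
    cycles: float     # CPU cycles the stage needs (constructed value)
    out_bytes: int    # size of what the stage hands to the next one (constructed value)


# Fingerprint pipeline after capture; all figures are constructed sample values.
RAW_IMAGE_BYTES = 900_000
PIPELINE = (
    Stage("pre-processing", 1.2e9, 300_000),
    Stage("core-point detection", 0.3e9, 300_000),
    Stage("feature extraction", 0.8e9, 2_000),
    Stage("matching", 0.1e9, 1),
)


@dataclass(frozen=True)
class Device:
    cpu_hz: float = 1.0e9       # device clock (assumed)
    cpu_watts: float = 0.9      # power while computing (assumed)
    radio_watts: float = 1.3    # power while transmitting (assumed)
    idle_watts: float = 0.3     # power while waiting for the cloud (assumed)
    cloud_hz: float = 10.0e9    # effective cloud speed (assumed)


def device_energy(cut: int, bandwidth_bps: float, dev: Device = Device(),
                  pipeline: Sequence[Stage] = PIPELINE) -> float:
    """Joules the device spends when the first `cut` stages run locally, the rest remotely."""
    local_cycles = sum(s.cycles for s in pipeline[:cut])
    cloud_cycles = sum(s.cycles for s in pipeline[cut:])
    upload_bytes = RAW_IMAGE_BYTES if cut == 0 else pipeline[cut - 1].out_bytes
    compute = dev.cpu_watts * local_cycles / dev.cpu_hz
    transfer = dev.radio_watts * upload_bytes * 8 / bandwidth_bps   # the often-ignored term
    waiting = dev.idle_watts * cloud_cycles / dev.cloud_hz
    return compute + transfer + waiting


def best_cut(bandwidth_bps: float, dev: Device = Device(),
             pipeline: Sequence[Stage] = PIPELINE) -> Tuple[int, float]:
    """Cut point (number of local stages) with the lowest device energy, and that energy."""
    energy, cut = min((device_energy(c, bandwidth_bps, dev, pipeline), c)
                      for c in range(len(pipeline) + 1))
    return cut, energy


def uploaded_artifact(cut: int, pipeline: Sequence[Stage] = PIPELINE) -> str:
    """What leaves the device at this cut, i.e. what must be protected in transit."""
    return "raw image" if cut == 0 else f"output of {pipeline[cut - 1].name}"


if __name__ == "__main__":
    for bps in (20e6, 0.5e6):
        cut, joules = best_cut(bps)
        print(f"{bps / 1e6:>4.1f} Mbit/s: run {cut} stage(s) locally, "
              f"upload {uploaded_artifact(cut)}, {joules:.3f} J")
```

With these numbers a fast link favours uploading the raw image, while a slow link favours extracting features locally and uploading only the small template, so the cut point also decides which biometric artefact has to be protected on the wire.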

Table 3 Usability of MCC authentication schemes: pros and cons.

Scheme | Pros | Cons
Multi-factors (Jeong et al., 2013) | Using voice and face recognition, which is easy to provide and hard to replicate instead of complex password | User should memorize complicated password; Using biometrics and password at the same time, demands more computational resources
MDA (Dey et al., 2013) | Using just one factor for authentication simplifies the authentication procedure | User should memorize complicated password to achieve high level of security
Cloud-based biometrics (Omri et al., 2012) | Inserting password using handwriting is more intuitive than using tiny keyboard of the mobile devices to enter password; 4-digit handwritten password which is easy to remember | Any other authentication factor is not available if the system fails to identify the handwriting image
FDZ (Schwab and Yang, 2013) | Using graphical password, which is easier to remember | Memorizing some secrets makes the procedure more difficult for a mobile user
QR code-based (Oh et al., 2011) | No need to memorize all images | The authentication procedure is complicated to the user
SeDiCi 2.0 (Grzonkowski et al., 2011) | The authentication is simple to the user as the authentication responsibility is carried out by TTP | Using complicated password, which introduces memorizing difficulty for user
TrustCube (Chow et al., 2010) | Using the fine-grained method that can be customized based on user preference; Using implicit authentication method that does not need the user interferes | Using specific mobile data patterns is required to improve the accuracy of TrustCube method, which is difficult for the users
SMCBA (Al Rassan and AlShaher, 2014) | Easy procedure for user is provided by no longer needing to memorize passwords | Using error-prone biometric reduces the usability of the authentication mechanism
NemoAuth (Le et al., 2013) | Applying atomic actions using mnemonics to make memorizing secrets easier for user; Using biometrics is easy for the users; Using fine-grained method that can be customized based on user situations | User should memorize some secrets; Using both secret and biometrics makes procedure more difficult for the users

Table 4 Efficiency evaluation of MCC authentication schemes: pros and cons.

Scheme | Pros | Cons
Multi-factors (Jeong et al., 2013) | Processing authentication factors in bulk, which makes authentication procedure faster; Using powerful cloud resources to process authentication factors; Each factor is processed by one VM in cloud | Processing several parameters such as ID/password, IMEI, IMSI, voice and face recognition, make the authentication procedure more complicated
MDA (Dey et al., 2013) | The authentication procedure requires just ID/password to make procedure faster | The mobile device must process several steps to send an authentication request to the cloud; The number of communication messages is high because of applying mutual authentication, which increases the authentication procedure overhead
Cloud-based biometrics (Omri et al., 2012) | The powerful cloud server processes the handwriting image instead of the mobile device to reduce the authentication time; The authentication process is simple to the mobile user because of using handwriting to enter the password | Handwriting pattern is the error-prone method as the mobile user may write the same digits in different styles
FDZ (Schwab and Yang, 2013) | Using graphical password can reduce authentication time | Several encryption algorithms such as RSA, AES, and Diffie–Hellman key exchange are utilized to process authentication, which reduce the efficiency of the authentication mechanism
QR code-based (Oh et al., 2011) | The network traffic is reduced using compressed codes like QR; Only user name and password is utilized for authentication | Some time-consuming operations such as converting the user data to QR code, are processed by the mobile device
SeDiCi 2.0 (Grzonkowski et al., 2011) | Using just password as the only authentication factor makes the procedure simple | Number of communication messages are high because of using TTP
TrustCube (Chow et al., 2010) | No need to process data by mobile device because the IA engine processes all the information | Processing several patterns such as SMS activities, calling pattern, and location, needs many computation power, make the authentication procedure more complicated
SMCBA (Al Rassan and AlShaher, 2014) | The authentication procedure does not require any password to reduce authentication time | The mobile device processes resource-intensive task such as processing the user fingerprint image
NemoAuth (Le et al., 2013) | Using mnemonics, which are easier to remember than typical password, makes authentication mechanism faster | Several authentication factors are utilized for user authentication, which increases the authentication procedure time
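Table 4 counts the extra messages of mutual authentication as a cost. The sketch below, an added example and not the protocol of MDA or any other surveyed scheme, shows what the three messages of a nonce-based challenge-response buy: the device verifies the server before it answers, and a recorded final message is useless in any later run. It assumes a key shared between device and cloud server at enrolment; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def proof(key: bytes, role: bytes, client_id: bytes, nonce_c: bytes, nonce_s: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields; the role label keeps the two proofs distinct."""
    fields = (role, client_id, nonce_c, nonce_s)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class CloudServer:
    def __init__(self, keys: Dict[bytes, bytes]) -> None:
        self._keys = dict(keys)    # client_id -> key shared at enrolment (assumption)
        self._pending: Dict[bytes, Tuple[bytes, bytes]] = {}   # nonce_s -> (client_id, nonce_c)

    def hello(self, client_id: bytes, nonce_c: bytes) -> Optional[Tuple[bytes, bytes]]:
        """Message 2: prove knowledge of the key over the client's nonce, issue our own."""
        key = self._keys.get(client_id)
        if key is None:
            return None
        nonce_s = secrets.token_bytes(16)
        self._pending[nonce_s] = (client_id, nonce_c)   # a real service would also expire these
        return nonce_s, proof(key, b"server", client_id, nonce_c, nonce_s)

    def finish(self, client_id: bytes, nonce_s: bytes, client_proof: bytes) -> bool:
        """Check message 3 against a challenge we issued; pop() makes each challenge single-use."""
        session = self._pending.pop(nonce_s, None)
        if session is None or session[0] != client_id:
            return False
        expected = proof(self._keys[client_id], b"client", client_id, session[1], nonce_s)
        return hmac.compare_digest(expected, client_proof)


class MobileClient:
    def __init__(self, client_id: bytes, key: bytes) -> None:
        self.client_id, self._key = client_id, key
        self._nonce_c = b""

    def start(self) -> Tuple[bytes, bytes]:
        """Message 1: identity plus a fresh client nonce."""
        self._nonce_c = secrets.token_bytes(16)
        return self.client_id, self._nonce_c

    def respond(self, nonce_s: bytes, server_proof: bytes) -> Optional[bytes]:
        """Verify the server first; only a server holding the key receives message 3."""
        expected = proof(self._key, b"server", self.client_id, self._nonce_c, nonce_s)
        if not hmac.compare_digest(expected, server_proof):
            return None
        return proof(self._key, b"client", self.client_id, self._nonce_c, nonce_s)


def run_demo() -> Dict[str, bool]:
    key = secrets.token_bytes(32)                 # constructed enrolment key
    server = CloudServer({b"device-01": key})
    client = MobileClient(b"device-01", key)

    cid, nonce_c = client.start()
    nonce_s, server_proof = server.hello(cid, nonce_c)
    client_proof = client.respond(nonce_s, server_proof)
    honest = client_proof is not None and server.finish(cid, nonce_s, client_proof)

    # Recorded message 3 presented again: the challenge was already consumed.
    replay_same = server.finish(cid, nonce_s, client_proof)
    # Recorded message 3 presented in a new run: the server's nonce differs.
    fresh_nonce_s, _ = server.hello(cid, nonce_c)
    replay_new = server.finish(cid, fresh_nonce_s, client_proof)

    # A server that lacks the enrolled key cannot produce a valid message 2.
    other = CloudServer({b"device-01": secrets.token_bytes(32)})
    cid, nonce_c = client.start()
    nonce_x, proof_x = other.hello(cid, nonce_c)
    wrong_server_accepted = client.respond(nonce_x, proof_x) is not None

    return {"honest": honest, "replay_same": replay_same,
            "replay_new": replay_new, "wrong_server_accepted": wrong_server_accepted}


if __name__ == "__main__":
    print(run_demo())
```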

3.3.3. Security and robustness

Security and robustness metrics are highly important criteria to evaluate the authentication methods. These criteria show the strength and weakness of the algorithm under different attacks in various situations. According to our review, security criteria include resistance to attacks such as impersonation, replay, and man-in-the-middle attack. Impersonation attack means that an attacker can masquerade as the user and access the confidential information (Truong et al., 2012); however, in a replay attack, an attacker can obtain the user information by replaying the previously sent messages (Yoon et al., 2012). In addition, in the man-in-the-middle attack, an attacker can access all the messages that are transferred between the mobile device and servers, to get intended information by analyzing these messages.

Furthermore, preferably an authentication method can provide some security services such as untraceability, mutual authentication, and user unlinkability to have more secure protection. If an attacker cannot trace a user using obtained messages, the untraceability of the user is preserved; and if an attacker cannot link sniffed messages to a specific user, the unlinkability of the authentication algorithm is well-preserved (Park, 2004). In addition, mutual authentication means that both user and server should be authenticated to each other (He et al., 2011). The security services and limitations of current authentication schemes are discussed in Table 5.

3.3.4. Privacy

Privacy is a significantly critical requirement in authentication methods to ensure that the user is known only to legitimate entities. The authentication method should protect private information of users from eavesdropping during the authentication procedure. Moreover, anonymity is one of the best approaches to preserve both user and server privacy (Zeng et al., 2009; Kim et al., 2008; Chang et al., 2009). Other privacy criteria include resistance to phishing and eavesdropping attacks (Grzonkowski et al., 2011). In a phishing attack, an attacker collects credentials of the user or server to launch an impersonation attack, and in an eavesdropping attack, an attacker can read the communication messages. The privacy issues and provided protection mechanisms of the MCC authentication schemes are summarized in Table 6.

3.3.5. Adaptable to MCC environment

This criterion shows how much the proposed method is suitable for the MCC environment based on the capabilities and limitations of this computing paradigm. The limitations and capabilities of MCC are advised to be considered. For example, some authentication methods are proposed based on the resource limitation of mobile devices such as PDA, laptop, and cellphone. However, in the MCC environment, the mobile device can transfer resource-intensive parts of the authentication algorithm to the cloud server to solve its processing power limitation. In addition, the user needs enough bandwidth to connect to the cloud server for uploading the required data, which introduces some issues such as network bandwidth and availability of the network.

Among the different categories mentioned above, the most important category is compatibility of the proposed methods with the MCC environment. After defining different evaluation criteria, the existing authentication approaches can be assessed to find the most important issues of existing authentication algorithms. All reviewed/evaluated authentication methods have been presented in Table 7. These methods have been evaluated based on security and performance evaluation criteria, which are discussed in Section 3.3.

Table 5 Security and robustness of MCC authentication schemes: pros and cons.

Scheme | Pros | Cons
Multi-factors (Jeong et al., 2013) | Using TLS and SSL for communication between network entities; Utilizing several authentication factors | Mutual authentication is not applied
MDA (Dey et al., 2013) | Providing mutual authentication procedure; Hashing ID and password before transmission | User untraceability is not considered
Cloud-based biometrics (Omri et al., 2012) | The uniqueness of handwriting style prevents an attacker to do any actions, even if he knows the user password | Mutual authentication is not applied; Lack of security attack-resistant mechanisms
FDZ (Schwab and Yang, 2013) | Providing secure channel between mobile device and server using Diffie–Hellman protocol; Resistant against device loss, impersonation, and MITM attack; Using AES encryption algorithm | The password space of proposed graphical password is not large enough; Mutual authentication is not applied
QR code-based (Oh et al., 2011) | Using Diffie–Hellman protocol to prevent replay attack; Preventing impersonation attack using graphical password | Lack of security attack-resistant mechanisms; The password space of proposed graphical password is not large enough; Mutual authentication is not applied
SeDiCi 2.0 (Grzonkowski et al., 2011) | Mutual authentication is provided | User untraceability and unlinkability mechanism are not considered
TrustCube (Chow et al., 2010) | It is difficult to impersonate the user, because an attacker must access to different user information such as calling pattern, SMS activity, website access, and location | Mutual authentication is not applied
SMCBA (Al Rassan and AlShaher, 2014) | Uniqueness of user fingerprint authentication | Mutual authentication is not applied; User untraceability and unlinkability mechanism are not considered
NemoAuth (Le et al., 2013) | Using the user activity patterns, which are similar to the biometrics and cannot be replicated | Mutual authentication is not applied; User untraceability and unlinkability mechanism are not considered

4. Prospective authentication algorithms in MCC

In this section, we present guidelines deemed beneficial for designing relatively more secure, efficient, and adaptive authentication systems for MCC. The important factors that are essential to be applied in coming MCC authentication approaches are discussed and illustrated in Fig. 14. We classified these factors into five classes of mobile device characteristics: (i) usability, (ii) efficiency, (iii) security and robustness, (iv) privacy, and (v) adaptability to MCC environment. The comparison of proposed methods based on the mentioned criteria is discussed in Table 7. For ranking purposes, we deployed two different scales based on the Likert scale; firstly, we use very low, low, moderate, and high for the usability, efficiency, and adaptability criteria. Secondly, we use poor, fair, good, and very good for security and robustness as well as privacy (shown in Table 7).

The results in this table advocate lack of adaptivity of current MCC authentication schemes for the MCC ecosystem. Furthermore, most of these schemes are based on traditional methods that previous researchers recommended to be used in the conventional mobile computing environment. In other words, the proposed schemes hardly considered the capabilities and limitations of mobile devices. The results of this comparison indicate that MCC-ready authentication methods are required to focus more on mobile-friendliness when exploiting cloud resources for mobile users.

4.1. Mobile device characteristics

The important features in the mobile device perspective are storage capacity, memory, battery limitation, and processing power. Among these factors, energy is considered the critical resource since mobile devices consume a considerable amount of energy to remain connected to the Internet and also to process the authentication procedure (Abolfazli et al., 2014a). In addition, a suitable authentication scheme is compatible with normal mobile devices with typical resource capability. Furthermore, the consideration of the structure and limitations such as processing power and battery of current mobile devices makes designing an authentication method more complicated, and affects the selection of security mechanisms such as encryption type and key management scheme (Aiash and Loo, 2013).

According to our review, the mobile device should be equipped with a high quality camera in some of the authentication approaches such as Jeong et al. (2013) and Al Rassan and AlShaher (2014) to get better results. In other words, the quality of the mobile device camera affects the accuracy of the authentication decision. Hence, not needing to install extra hardware such as different kinds of sensors is preferable in designing an authentication method.

4.2. Usability preferences

Security is often recognized as one of the important barriers to usability of authentication methods (Braz et al., 2007). The trade-off between usability and performance is an important criterion to

Table 6 Privacy evaluation of MCC authentication schemes: pros and cons.

Scheme | Pros | Cons
Multi-factors (Jeong et al., 2013) | Secure against phishing and eavesdropping attacks using TLS and SSL for communication between network entities | Privacy issues of using biometrics; Anonymity of both user and server is not preserved; Lack of providing user biometrics protection mechanism
MDA (Dey et al., 2013) | Providing user and server anonymity using XoR and hash function; Secure against phishing and eavesdropping attacks | The untraceability is not applied, which introduce privacy issue for the user
Cloud-based biometrics (Omri et al., 2012) | Protect user privacy by using just handwriting pattern instead of using other private biometrics | Anonymity of both user and server is not preserved; Lack of providing secure mechanism against phishing and eavesdropping attack
FDZ (Schwab and Yang, 2013) | Secure against phishing and eavesdropping attacks | Anonymity of both user and server is not preserved
QR code-based (Oh et al., 2011) | Secure against phishing and eavesdropping attacks using Diffie–Hellman protocol | Lack of user and server anonymity preservation
SeDiCi 2.0 (Grzonkowski et al., 2011) | Not using private information preserves the user privacy | User and server anonymity mechanism are not considered
TrustCube (Chow et al., 2010) | Using OpenID to protect user anonymity; Protect user against phishing and eavesdropping attacks | Using many private information of user to process authentication
SMCBA (Al Rassan and AlShaher, 2014) | The mobile device processes fingerprint data, then sends the result of the authentication to the cloud server not the biometrics information to prevent eavesdropping risk | Fingerprint as one of the most private information of user is not protected; Lack of providing secure mechanism against phishing and eavesdropping attacks
NemoAuth (Le et al., 2013) | The NemoAuth method uses less private biometrics than typical biometrics methods | Using many private information of user to process authentication; No privacy mechanism is provided to protect the user private information

evaluate authentication schemes. However, the authentication method is expected to protect varied network entities against security and privacy threats while it is sufficiently user-friendly. The usability dramatically drops when the authentication methods are designed with a major focus on security, which leads to more complexity and less usability. Furthermore, the authentication mechanism can be in accordance with the user's preferable model to reach user satisfaction. As an example, the user might prefer graphical password authentication over other methods because of the ease of entering the password by tapping the touch screen. The usability analysis of various kinds of authentication methods is investigated in Braz and Robert (2006), which shows that biometric authentication such as voice recognition is more usable for the users because of inherent characteristics of these kinds of authentication methods such as easy-to-use and effortless-memorizing. Based on our review, the graphical password and biometrics authentication methods are two types of the trending methods in the field of MCC authentication.

4.3. Security and privacy

In MCC, mitigating the security and privacy issues during the offloading procedure is a critical task because neglecting these issues inhibits adoption of MCC services by the end-users (Khan et al., 2014). The security and privacy issues of MCC such as revealed mobile user location, stolen device, insecure access to rogue access points, and near field communication (NFC) hacking (Xuanxia et al., 2014; Yu and Wen, 2013; Yu-Jia and Li-Chun, 2011; Yu and Wen, 2012; Zhou and Huang, 2012; Itani et al., 2010; Ren et al., 2011; Weiwei et al., 2011; Sue-Chen et al., 2011) can be mitigated by suitable authentication methods. The user privacy is highly important, especially in MCC, where the authentication information is stored in the cloud servers. Among different approaches, biometric information such as fingerprint, iris, retina, face, and voice recognition is highly vulnerable to privacy attacks; henceforth, proper privacy protection techniques can be applied to the authentication methods. Mutual authentication is an important feature that can be provided by the authentication mechanism. In other words, the mobile device can check the authentication of the cloud server while the cloud server can check the mobile end-user authentication. Another important feature of an authentication method is untraceability, which means that if an attacker can sniff the transferring packets, the relation between different packets should not be revealed.

4.4. Mobility

In contrast to a wired network, in which all the nodes are static, mobility is the inherent characteristic of mobile devices in MCC, which introduces new challenges to design authentication protocols (Chen and Hoang, 2013). The mobile devices rapidly roam in different wireless networks to preserve connectivity, hence the authentication delay should be acceptable according to the wireless network's standards. Furthermore, the packet loss and signaling cost, as two important criteria in the mobile device roaming procedure, can be considered.

4.5. Support heterogeneity

Heterogeneity in MCC can be discussed in three main categories including mobile device, cloud, and wireless networks. The diversity of infrastructure, hardware, software, architectures, and technologies in MCC makes this environment more complicated. Sanaei et al. (2013) explained open challenges and issues regarding heterogeneity in MCC comprehensively. Mobile devices in heterogeneous networks switch between different types of networks to preserve network connectivity; henceforth, there is a need to consider the characteristics of these heterogeneous networks in authentication mechanisms. As an example, when a mobile device connects to a network, different parameters such as security and QoS will be defined by the network as a service level agreement, and the preferences of each network differ from other networks, hence these various requirements are recommended to be considered.

Table 7 Comparison of evaluated authentication methods.

4.6. Adaptiveness

In the cloud-based authentication methods, some parts of the authentication mechanism are processed on the cloud server, hence suitable authentication methods are required to manage the load balancing of VMs in cloud servers. Among the reviewed authentication methods in MCC, Jeong et al. (2013) designed a server to manage load balancing. In addition, some managing services such as a resource scheduler are required, where one of the mobile device or cloud server can be selected to process the specific steps of the authentication mechanism based on the intrinsic properties of the entities (Sanaei et al., 2012).

5. Open challenges

This section highlights several open challenges related to authentication in MCC that demand future research and development efforts. Addressing these challenges can significantly enhance authentication in MCC leading to successful adoption of MCC.

5.1. Heterogeneous infrastructure

Heterogeneity is an intrinsic characteristic of MCC because of using various wireless networks to preserve mobile device connectivity. The variety of wireless technologies, including WLAN and cellular, as well as the diversity of technologies of mobile devices, including software, hardware, and architecture, make designing an authentication method more complicated and difficult, because the authentication approach should be applicable and comply with the network and mobile device requirements. Several security concerns arise in heterogeneous networks' authentication procedure such as initial authentication and handover authentication when the mobile node is roaming between different types of networks. Furthermore, as different communication technologies offer different security levels, some networks are less able to provide the required security level for mobile nodes. The diversities of wireless networks, mobile devices, and cloud technologies are marginally considered in designing authentication methods for MCC. It is recommended to design multilevel authentication methods, which are adaptive to the capabilities and limitations of various network entities. In multilevel authentication methods, such as Thorwat and Shetty (2014), Naik and Koul (2013) and Dinesha and Agrawal (2012), the security level can be selected automatically and extra security plugins can be added based on a tradeoff between sensitivity and available resources.

5.2. Seamless handover

The authentication as a critical phase in handover procedure, is a challenging task to achieve seamless handover in MCC

Fig. 14. Effective factors in designing authentication scheme in MCC. (Panels: Mobile Device Characteristics: mobile architecture, memory, CPU processing power, battery limitations. Usability Preferences: minimize user effort, infrequent errors, memorizing-effortless. Security and Privacy: mutual authentication, untraceability, resistant to attacks, privacy protection. Mobility: latency, packet loss, signaling cost. Support Heterogeneity: mobile devices, wireless networks, cloud servers. Adaptiveness: cloud server manager, resource scheduler.)

(Gani et al., 2014). The authentication standards are defined in different ways for various wireless technologies such as Wi-Fi, WiMAX, ZigBee, and Cellular, each of which supports specific authentication protocols according to the defined architecture, software and hardware. Furthermore, some network technologies support several authentication protocols, which makes selecting the appropriate authentication method more challenging for the mobile device. In addition, the protection of seamless connectivity is a challenging task, especially in high mobility networks such as MCC, and authentication has a key role in reducing handover latency to achieve seamless handover. A suitable authentication method must fulfill the acceptable latency rate requirements discussed in the literature (Tolia et al., 2006), which are provided for the mobile user in MCC.

5.3. Identity privacy

In MCC, the mobile user privacy preservation is more challenging compared to the immobile users. In terms of user privacy, both communication content and the user need to be protected (Zhu et al., 2009). Because of mobility, the MCC user may connect to different access points owned by several kinds of networks, and the targeted network has to check the user authenticity during the handover procedure using his identity information. Furthermore, the user information may be stored in parallel cloud storage to improve performance and reliability, which increases the risk of disclosure of the user's private information (Barsoum et al., 2013). Henceforth, a proper privacy preservation mechanism in MCC is a challenging task.

5.4. Resource scheduling

Energy conservation of the mobile device is highly important in MCC, where the battery limitation of the mobile device is mitigated by providing a shared pool of computational processing resources in the cloud (Abolfazli et al., 2014b; Zhu et al., 2014; Verbelen et al., 2014; Shojafar et al., 2015). The mobile processing power constraint demands transferring the resource-intensive parts of the authentication mechanisms to the cloud for processing. The computing off-loading technique reduces the time of application execution on mobile devices, which results in a reduction of power consumption. However, the energy consumption of transferring the data is not considered in most of the current studies (Yao et al., 2013). Therefore, designing the appropriate resource scheduling algorithm, which decides on transferring resource-intensive parts of an authentication mechanism to the cloud, is a challenging task that affects authentication latency, performance, and energy consumption.

6. Conclusions

Security and privacy are among the most important issues in MCC that decelerate development of this technology. In the core of MCC, authentication is the most critical process to preserve security and privacy of end-users. Although authentication is not new in computing, it is immature in MCC due to unique features, requirements, opportunities, and challenges existing in mobile-cloud environments. Mobility, resource poverty, small form factor, and pervasive usability of mobile devices on one hand, and wireless communication, cloud resource provisioning, computation offloading, and heterogeneity on the other hand necessitate proposing authentication mechanisms that are developed for mobile-cloud users. Therefore, it is essential to critically analyse existing authentication methods taking into account unique characteristics and challenges of MCC to highlight the security and efficiency issues of the current methods and suggest the future research directions toward fully unleashing the power of mobile cloud.

In this study, we present a comprehensive survey of authentication in MCC that critically examines various existing authentication approaches to portray the state-of-the-art and also highlight the most important challenges as future research directions. We present an in-depth discussion over authentication in MCC and highlight its challenging characteristics compared to cloud computing technology. Furthermore, the existing authentication methods in MCC are evaluated and analyzed based on criteria such as usability, efficiency, security, privacy and adaptability to MCC. The current authentication methods are proposed based on traditional authentication schemes without considering adaptability to MCC specifications. The results of the evaluation show that some important factors such as user preferences, mobility, heterogeneity, mobile device characteristics, and MCC-friendliness are highly critical to be considered when designing the future authentication mechanisms for MCC. The results also suggest that the most appropriate authentication method in MCC would be hybrid adaptive methods with varied degrees of fidelity that can be adopted depending on user location, Internet connectivity, native resource level, and remote resource proximity. While the most effective MCC solutions perform resource-intensive complex authentication processes using remote resources in the cloud that offer high fidelity, lightweight yet robust approaches running natively on the end-user device can be utilized in the absence of remote cloud resources, leading to lower fidelity. Such approaches, which demand future R&D efforts, can in the near future autonomously determine the fidelity level considering the user's context.

Acknowledgement

Authors acknowledge support from Malaysia-Japan International Institute of Technology (MJIIT) center at Universiti Teknologi Malaysia, Japan Student Services Organization (JASSO), and Kyushu University, Fukuoka, Japan.

References

Alizadeh M, Wan HH. Challenges and opportunities of mobile cloud computing. In: 2013 9th international on wireless communications and mobile computing conference. Sardinia, Italy: IEEE; 2013. p. 660–6.
Alizadeh M, Hassan WH, Behboodian N, Karamizadeh S. A brief review of mobile cloud computing opportunities. Res Notes Inf Sci 2013a;12(April):155–60. http://dx.doi.org/10.4156/rnis.vol12.27.
Alizadeh M, Hassan WH, Zamani M, Khodadadi T, Chaeikar SS. A prospective study of mobile cloud computing. Int J Adv Comput Technol 2013b;5(11).
Allam S, Flowerday SV, Flowerday E. Smartphone awareness: a victim of operational pressures. Comput Secur 2014;42(May):56–65. http://dx.doi.org/10.1016/j.cose.2014.01.005.
Al Rassan I, AlShaher H. Securing mobile cloud computing using biometric authentication (SMCBA). In: 2014 International conference on computational science and computational intelligence, vol. 1. Las Vegas, USA: IEEE Computer Society; 2014. p. 157–61. http://dx.doi.org/10.1109/CSCI.2014.33.
Al-Zoube MA, Alqudah YA. Mobile cloud computing framework for patients' health data analysis. Biomed Eng: Appl, Basis Commun 2014;26(02) 1450020–9. http://dx.doi.org/10.4015/S1016237214500203.
Aminzadeh N, Sanaei Z, Ab Hamid SH. Mobile storage augmentation in mobile cloud computing: taxonomy, approaches, and open issues. Simul Model Pract Theory 2015;50(January):96–108. http://dx.doi.org/10.1016/j.simpat.2014.05.009.
An N, Huynh C-T, Lee B, Hong C, Huh E-N. An efficient block classification for media healthcare service in mobile cloud computing. Multimed Tools Appl 2014:1–15. http://dx.doi.org/10.1007/s11042-014-2039-6.
Ardagna CA, Conti M, Leone M, Stefa J. An anonymous end-to-end communication protocol for mobile cloud environments. IEEE Trans Serv Comput 2014;7(3):373–86. http://dx.doi.org/10.1109/TSC.2014.2304717.
Avelar E, Marques L, dos Passos D, Macedo R, Dias K, Nogueira M. Interoperability issues on heterogeneous wireless communication for smart cities. Comput Commun 2015;58(March):4–15. http://dx.doi.org/10.1016/j.comcom.2014.07.005.
Barsoum A, Hasan A, Member S. Enabling dynamic data and indirect mutual trust for cloud computing storage systems. IEEE Trans Parallel Distrib Syst 2013;24(12):2375–85.
Bin M, Xiaofeng L, Xianzhong X. Risk-aware vertical handoff algorithm for security access support in heterogeneous wireless networks. In: 5th international conference on biomedical engineering and informatics. Chongqing, China: IEEE; 2012. p. 1515–9. http://dx.doi.org/10.1109/BMEI.2012.6512937.
Bonneau J, Herley C, van Oorschot PC, Stajano F. The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: 2012 IEEE symposium on security and privacy. San Francisco, USA: IEEE; 2012. p. 553–67. http://dx.doi.org/10.1109/SP.2012.44.
Braz C, Robert J-M. Security and usability: the case of the user authentication methods. In: Proceedings of the 18th international conference of the association francophone d'interaction homme–machine. Montreal, Canada: ACM; 2006. p. 199–203.
Braz C, Seffah A, MRaihi D. Designing a trade-off between usability and security: a metrics based-model. In: Baranauskas C, Palanque P, Abascal J, Barbosa S, editors. Human-computer interaction. Lecture notes in computer Science, vol. 4663. Berlin, Heidelberg: Springer; 2007. p. 114–26. http://dx.doi.org/10.1007/978-3-540-74800-7_9.
Cachin C, Schunter M. A cloud you can trust. IEEE Spectrum 2011;48(12):28–51.
Chandra DG, Prakash R, Lamdharia S. Mobile ticketing system for automatic fare collection model for public transport. In: 2013 5th international conference on computational intelligence and communication networks. Mathura, India: IEEE; 2013, p. 600–3. http://dx.doi.org/10.1109/CICN.2013.131.
Chang C-C, Lee C-Y, Chiu Y-C.
Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Comput Commun 2009;32 (4):611–8. http://dx.doi.org/10.1016/j.comcom.2008.11.032. Abolfazli S, Sanaei Z, Shiraz M, Gani A. MOMCC: market-oriented architecture for Chen L, Hoang DB. Addressing data and user mobility challenges in the cloud. In: mobile cloud computing based on service oriented architecture. In: 1st IEEE 2013 IEEE sixth international conference on cloud computing. Santa Clara, USA: international conference on communications in china workshops. Beijing, IEEE; 2013. p. 549–56. http://dx.doi.org/10.1109/CLOUD.2013.26. China: IEEE Computer Society; 2012. p. 8–13. doi: http://dx.doi.org/10.1109/ Chen M, Ma Y, Liu Y, Jia F, Ran Y, Wang J. Mobile learning system based on cloud com- ICCCW.2012.6316481. puting. J Netw 2013;8(11):2572–7. http://dx.doi.org/10.4304/jnw.8.11.2572-2577. Abolfazli S, Sanaei Z, Alizadeh MM, Gani A, Xia F, Member S. An experimental Chow R, Jakobsson M, Masuoka R, Molina J, Niu Y, Shi E, et al. Authentication in the analysis on cloud-based mobile augmentation in mobile cloud computing. IEEE clouds: a framework and its application to mobile users. In: Proceedings of the Trans Consum Electron 2014;99(1):1–9. 2010 ACM workshop on cloud computing security workshop. Chicago, USA: Abolfazli S, Sanaei Z, Ahmed E, Gani A, Buyya R. Cloud-based augmentation for mobile ACM; 2010. p. 1–6. http://dx.doi.org/10.1145/1866835.1866837. devices: motivation, taxonomies, and open challenges. IEEE Commun Surv Tutor Christensen JH. Using RESTful web-services and cloud computing to create next 2014a;16(1):337–68. http://dx.doi.org/10.1109/SURV.2013.070813.00285. generation mobile applications. In: 24th ACM SIGPLAN conference companion Abolfazli S, Sanaei Z, Gani A, Xia F, Yang LT. Rich mobile applications: genesis, on Object oriented programming systems languages and applications. New taxonomy, and open issues. J Netw Comput Appl 2014b;40(April):345–62. 
http: York, USA: ACM; 2009. p. 627–34. //dx.doi.org/10.1016/j.jnca.2013.09.009. Chu C-H, Ouyang Y-C, Jang C-B. Secure data transmission with cloud computing in Aboudagga N, Refaei MT, Eltoweissy M, DaSilva LA, Quisquater J-J. Authentication heterogeneous wireless networks. Secur Commun Netw 2012;5(12):1325–36. protocols for ad hoc networks: taxonomy and research issues. In: Proceedings http://dx.doi.org/10.1002/sec.409. of the 1st ACM international workshop on quality of service and security in Cisco T. Cisco visual networking index: global mobile data traffic forecast update, wireless and mobile networks. Montreal, Canada: ACM; 2005. p. 96–104. 2013–2018. Technical Report. Cisco; 2014. http://dx.doi.org/10.1145/1089761.1089777. Clarke NL, Furnell SM. Advanced user authentication for mobile devices. Comput Adida B. Beamauth: two-factor web authentication with a bookmark. In: Pro- Secur 2007;26(2):109–19. http://dx.doi.org/10.1016/j.cose.2006.08.008. ceedings of the 14th ACM conference on computer and communications Clarke NL, Furnell SM, Rodwell PM, Reynolds PL. Acceptance of subscriber security. Alexandria, USA: ACM; 2007. p. 48–57. http://dx.doi.org/10.1145/ authentication methods for mobile telephony devices. Comput Secur 2002; 1315245.1315253. 21(3):220–8. http://dx.doi.org/10.1016/S0167-4048(02)00304-8. Ahn H, Chang H, Jang C, Choi E. User authentication platform using provisioning in Crawford H, Renaud K, Storer T. A framework for continuous, transparent mobile cloud computing environment. In: 3rd international conference on advanced device authentication. Comput Secur 2013;39(Part B, November):127–36. http: communication and networking. Brno, Czech republic: Springer-Verlag; 2011. p. //dx.doi.org/10.1016/j.cose.2013.05.005. 132–8. doi: http://dx.doi.org/10.1007/978-3-642-23312-8_16. Dey S, Sampalli S, Ye Q. Message digest as authentication entity for mobile cloud Aiash M, Loo J. Introducing a novel authentication protocol for secure services in computing. 
In: 32nd international performance computing and communica- heterogeneous environments using Casper/FDR. Int J Commun Syst 2013; tions conference. San Diego, USA: IEEE; 2013. p. 1–6. http://dx.doi.org/10.1109/ 27(12):3600–18. http://dx.doi.org/10.1002/dac.2561. PCCC.2013.6742784. 78 M. Alizadeh et al. / Journal of Network and Computer Applications 61 (2016) 59–80

Dijiang H, Zhibin Z, Le X, Tianyi X, Yunji Z. Secure data processing framework for mobile cloud computing. In: 2011 IEEE conference on computer communications workshops. Shanghai, China: IEEE; 2011. p. 614–8. http://dx.doi.org/10.1109/INFCOMW.2011.5928886.

Dinesha HA, Agrawal VK. Multi-level authentication technique for accessing cloud services. In: 2012 international conference on computing, communication and applications. Dindigul, India: IEEE; 2012. p. 1–4. http://dx.doi.org/10.1109/ICCCA.2012.6179130.

Dinh HT, Lee C, Niyato D, Wang P. A survey of mobile cloud computing: architecture, applications and approaches. Wirel Commun Mob Comput 2013;13(18):1587–611.

Dong J, Han J, Liu J, Yin H. Shallow analysis of mobile learning environment under Cloud computing. In: 2011 7th international conference on MEMS, NANO and smart systems. Switzerland, Kuala Lumpur, Malaysia: Trans Tech Publications; 2012. p. 1447–50. http://dx.doi.org/10.4028/www.scientific.net/AMR.403-408.1447.

Doukas C, Pliakas T, Maglogiannis I. Mobile healthcare information management utilizing cloud computing and android OS. In: 2010 annual international conference of the IEEE engineering in medicine and biology society. Buenos Aires, Argentina: IEEE; 2010. p. 1037–40.

Esposito C, Ciampi M. On security in publish/subscribe services: a survey. IEEE Commun Surv Tutor 2015;PP(99). http://dx.doi.org/10.1109/COMST.2014.2364616.

Fernando N, Loke SW, Rahayu W. Mobile cloud computing: a survey. Future Gener Comput Syst 2013;29(1):84–106. http://dx.doi.org/10.1016/j.future.2012.05.023.

Forouzan BA. Introduction to cryptography and network security. McGraw-Hill Higher Education; 2008.

Furnell SM, Dowland PS, Illingworth HM, Reynolds PL. Authentication and supervision: a survey of user attitudes. Comput Secur 2000;19(6):529–39. http://dx.doi.org/10.1016/S0167-4048(00)06027-2.

Furnell S, Clarke N, Karatzouni S. Beyond the PIN: enhancing user authentication for mobile devices. Comput Fraud Secur 2008;2008(8):12–7. http://dx.doi.org/10.1016/S1361-3723(08)70127-1.

Gani A, Nayeem GM, Shiraz M, Sookhak M, Whaiduzzaman M, Khan S. A review on interworking and mobility techniques for seamless connectivity in mobile cloud computing. J Netw Comput Appl 2014;43(August):84–102. http://dx.doi.org/10.1016/j.jnca.2014.04.009.

Ghazizadeh E, Zamani M, Ab Manan JL, Alizadeh M. Trusted computing strengthens cloud authentication. Sci World J 2014;2014:17. http://dx.doi.org/10.1155/2014/260187.

Giuffrida C, Majdanik K, Conti M, Bos H. I sensed it was you: authenticating mobile users with sensor-enhanced keystroke dynamics. In: Dietrich S, editor. Detection of intrusions and malware and vulnerability assessment SE - 6. Lecture notes in computer science, vol. 8550. Egham, London, UK: Springer International Publishing; 2014. p. 92–111. http://dx.doi.org/10.1007/978-3-319-08509-8_6.

Grzonkowski S. SeDiCi: an authentication service taking advantage of zero-knowledge proofs. In: Sion R, editor. Financial cryptography and data security. Lecture notes in computer science, vol. 6052. Springer; 2010. p. 426.

Grzonkowski S, Corcoran PM, Coughlin T. Security analysis of authentication protocols for next-generation mobile and CE cloud services. In: 2011 IEEE international conference on consumer electronics. Berlin, Germany: IEEE; 2011. p. 83–7. http://dx.doi.org/10.1109/ICCE-Berlin.2011.6031855.

Guo M-H, Liaw H-T, Hsiao L-L, Huang C-Y, Yen C-T. Authentication using graphical password in cloud. In: 15th international symposium on wireless personal multimedia communications. Taipei, Taiwan: IEEE Computer Society; 2012. p. 177–81.

He D, Ma M, Zhang Y, Chen C, Bu J. A strong user authentication scheme with smart cards for wireless communications. Comput Commun 2011;34(3):367–74. http://dx.doi.org/10.1016/j.comcom.2010.02.031.

He D, Chan S, Guizani M. User privacy and data trustworthiness in mobile crowd sensing. IEEE Wirel Commun 2015a;22(1):28–34. http://dx.doi.org/10.1109/MWC.2015.7054716.

He D, Chan S, Guizani M. Mobile application security: malware threats and defenses. IEEE Wirel Commun 2015b;22(1):138–44. http://dx.doi.org/10.1109/MWC.2015.7054729.

Hoang DB, Chen L. Mobile cloud for assistive healthcare (MoCAsH). In: 2010 IEEE Asia-Pacific services computing conference, APSCC. Hangzhou, China: IEEE; 2010. p. 325–32. http://dx.doi.org/10.1109/APSCC.2010.102.

Honggang W, Shaoen W, Min C, Wei W. Security protection between users and the mobile media cloud. IEEE Commun Mag 2014;52(3):73–9. http://dx.doi.org/10.1109/MCOM.2014.6766088.

Huang B. The study of mobile education development based on 3G technique and cloud computing. In: 2011 international conference on uncertainty reasoning and knowledge engineering. Kuala Lumpur, Malaysia: IEEE; 2011. p. 86–9. http://dx.doi.org/10.1109/URKE.2011.6007847.

Hui S, Zhuohua L, Jiafu W, Keliang Z. Security and privacy in mobile cloud computing. In: 2013 9th international on wireless communications and mobile computing conference. Sardinia, Italy: IEEE; 2013. p. 655–9. http://dx.doi.org/10.1109/IWCMC.2013.6583635.

Imielinski T, Korth H. Introduction to mobile computing. In: Imielinski T, Henry KF, editors. Mobile computing, the Kluwer international series in engineering and computer science, vol. 353. US: Springer; 1996. p. 1–43 [Chapter 1]. URL http://faculty.winthrop.edu/domanm/csci411/Handouts/NIST.pdf.

ISO W. 9241-11. Ergonomic requirements for office work with visual display terminals (VDTs). Technical Report. The international organization for standardization; 1998.

Itani W, Kayssi A, Chehab A. Energy-efficient incremental integrity for securing storage in mobile cloud computing. In: 2010 international conference on energy aware computing. Cairo, Egypt: IEEE; 2010. p. 1–2. http://dx.doi.org/10.1109/ICEAC.2010.5702296.

Jana D, Bandyopadhyay D. Efficient management of security and privacy issues in mobile cloud environment. In: 2013 annual IEEE india conference. Mumbai, India: IEEE; 2013. p. 1–6. http://dx.doi.org/10.1109/INDCON.2013.6726077.

Jang EY, Kim HJ, Park CS, Kim JY, Lee J. The study on a threat countermeasure of mobile cloud services. Korea Inst Inf Secur Cryptol 2011;21(1).

Jeong Y-S, Park JS, Park JH. An efficient authentication system of smart device using multi factors in mobile cloud service architecture. Int J Commun Syst 2015;28(4):659–74. http://dx.doi.org/10.1002/dac.2694.

Jin AH, Sangmin S, Namgi K, Byoung-Dai L. A study of secure data transmissions in mobile cloud computing from the energy consumption side. In: 2013 international conference on information networking. Bangkok, Thailand: IEEE; 2013. p. 250–5. http://dx.doi.org/10.1109/ICOIN.2013.6496385.

Kaewpuang R, Niyato D, Wang P, Hossain E. A framework for cooperative resource management in mobile cloud computing. IEEE J Sel Areas Commun 2013;31(12):2685–700. http://dx.doi.org/10.1109/JSAC.2013.131209.

Khalil I, Khreishah A, Azeem M. Consolidated identity management system for secure mobile cloud computing. Comput Netw 2014;65(June):99–110. http://dx.doi.org/10.1016/j.comnet.2014.03.015.

Khan AN, Mat Kiah M, Khan SU, Madani SA. Towards secure mobile cloud computing: a survey. Future Gener Comput Syst 2013a;29(5):1278–99. http://dx.doi.org/10.1016/j.future.2012.08.003.

Khan AN, Mat Kiah ML, Madani Sa, Khan AUR, Ali M. Enhanced dynamic credential generation scheme for protection of user identity in mobile-cloud computing. J Supercomput 2013b;66(3):1687–706. http://dx.doi.org/10.1007/s11227-013-0967-y.

Khan AN, Kiah MLM, Khan SU, Madani SA, Khan AR. A study of incremental cryptography for security schemes in mobile cloud computing environments. In: 2013 IEEE symposium on wireless technology and applications. Kouching, Malaysia: IEEE; 2013. p. 62–7. http://dx.doi.org/10.1109/ISWTA.2013.6688818.

Khan A, Kiah MLM, Madani S, Ali M, Khan A, Shamshirband S. Incremental proxy re-encryption scheme for mobile cloud computing environment. J Supercomput 2014;68(2):624–51. http://dx.doi.org/10.1007/s11227-013-1055-z.

Kim S, Rhee HS, Chun JY, Lee DH. Anonymous and traceable authentication scheme using smart cards. In: International conference on information security and assurance. Busan, South Korea: IEEE; 2008. p. 162–5. http://dx.doi.org/10.1109/ISA.2008.52.

Ko SKV, Lee JH, Kim SW. Mobile cloud computing security considerations. J Secur Eng 2012;9(2):143–50.

Kumar R, Rajalakshmi S. Mobile cloud computing: standard approach to protecting and securing of mobile cloud ecosystems. In: 2013 international conference on computer sciences and applications. Wuhan, China: IEEE; 2013. p. 663–9. http://dx.doi.org/10.1109/CSA.2013.161.

Lane ND, Miluzzo E, Lu H, Peebles D, Choudhury T, Campbell AT. A survey of mobile phone sensing. IEEE Commun Mag 2010;48(9):140–50.

La Polla M, Martinelli F, Sgandurra D. A survey on security for mobile devices. IEEE Commun Surv Tutor 2013;15(1):446–71.

Le Z, Zhang X, Gao Z. NemoAuth: a mnemonic multimodal approach to mobile user authentication. In: 2013 IEEE region 10 conference (31194). Xi'an, China: IEEE; 2013. p. 1–6.

Lei L, Zhong Z, Zheng K, Chen J, Meng H. Challenges on wireless heterogeneous networks for mobile cloud computing. IEEE Wirel Commun 2013;20(3) http://dx.doi.org/10.1109/MWC.2013.6549281.

Li C, Li L. Phased scheduling for resource-constrained mobile devices in mobile cloud computing. Wirel Person Commun 2014;77(4):2817–37. http://dx.doi.org/10.1007/s11277-014-1669-3.

Li R, Zhang Y, Wang Z, Sun X. The implementation of the travel cloud interpretation system. In: 2011 international conference on computer science and network technology. Harbin, China: IEEE Computer Society; 2011. p. 1449–51. http://dx.doi.org/10.1109/ICCSNT.2011.6182238.

Li X, He J, Zhang T. A service-oriented identity authentication privacy protection method in cloud computing. Int J Grid Distrib Comput 2013;6(1):77–86.

Lingfeng C, Hoang DB. Addressing data and user mobility challenges in the cloud. In: 2013 IEEE sixth international conference on cloud computing. Santa Clara, USA: IEEE; 2013. p. 549–56. http://dx.doi.org/10.1109/CLOUD.2013.26.

Liu L, Moulic R, Shea D. Cloud service portal for mobile device management. In: 2010 IEEE 7th international conference on e-business engineering. Shanghai, China: IEEE; 2010. p. 474–8. http://dx.doi.org/10.1109/ICEBE.2010.102.

Liu J, Ahmed E, Shiraz M, Gani A, Buyya R, Qureshi A. Application partitioning algorithms in mobile cloud computing: taxonomy, review and future directions. J Netw Comput Appl 2015;48(February):99–117. http://dx.doi.org/10.1016/j.jnca.2014.09.009.

Lopez J, Oppliger R, Pernul G. Authentication and authorization infrastructures (AAIs): a comparative survey. Comput Secur 2004;23(7):578–90. http://dx.doi.org/10.1016/j.cose.2004.06.013.

Louk M, Lim H, Lee H. An analysis of security system for intrusion in smartphone environment. Sci World J 2014;2014:1–12. http://dx.doi.org/10.1155/2014/983901.

Ma RKK, Wang C-L. Lightweight application-level task migration for mobile cloud computing. In: IEEE 26th international conference on advanced information networking and applications (AINA). Fukuoka, Japan: IEEE; 2012. p. 550–7. http://dx.doi.org/10.1109/AINA.2012.124.

Mahalingam T, Rajan AV. Cloud and mobile computing: affordances of the 21st century teaching and learning. In: 2013 international conference on current trends in information technology. Dubai, UAE: IEEE; 2013. p. 125–8. http://dx.doi.org/10.1109/CTIT.2013.6749490.

Mansoor N, Muzahidul Islam AKM, Zareei M, Baharun S, Wakabayashi T, Komaki S. Cognitive radio ad-hoc network architectures: a survey. Wirel Person Commun 2015;81(3):1117–42. http://dx.doi.org/10.1007/s11277-014-2175-3.

Mell P, Grance T. The NIST definition of cloud computing draft. 2011.

Morrow S. Data security in the cloud. In: Rajkumar B, James B, Andrzej G, editors. Cloud computing: principles and paradigms. John Wiley & Sons, Inc.; 2011. p. 573–92.

Morshed MSJ, Islam MM, Huq MK, Hossain MS, Basher MA. Integration of wireless hand-held devices with the cloud architecture: security and privacy issues. In: 2011 international conference on P2P, parallel, grid, cloud and internet computing. Barcelona, Spain: IEEE; 2011. p. 83–8. http://dx.doi.org/10.1109/3PGCIC.2011.22.

Mylonas A, Kastania A, Gritzalis D. Delegate the smartphone user? Security awareness in smartphone platforms. Comput Secur 2013;34(May):47–66. http://dx.doi.org/10.1016/j.cose.2012.11.004.

Naik T, Koul S. Multi-dimensional and multi-level authentication techniques. Int J Comput Appl 2013;75(12):17–22.

Noureddine M, Bashroush R. An authentication model towards cloud federation in the enterprise. J Syst Softw 2013;86(9):2269–75. http://dx.doi.org/10.1016/j.jss.2012.12.031.

Oh D-S, Kim B-H, Lee J-K. A study on authentication system using QR code for mobile cloud computing environment. In: 6th international conference on future information technology. Loutraki, Greece: Springer-Verlag; 2011. p. 500–7. http://dx.doi.org/10.1007/978-3-642-22333-4_65.

Omri F, Hamila R, Foufou S, Jarraya M. Cloud-ready biometric system for mobile security access. In: Benlamri R, editor. Networked digital technologies, communications in computer and information science, vol. 294. Berlin, Heidelberg: Springer; 2012. p. 192–200. http://dx.doi.org/10.1007/978-3-642-30567-2_16 [Chapter 16].

Owusu E, Han J, Das S, Perrig A, Zhang J. ACCessory: password inference using accelerometers on smartphones. In: HotMobile '12, proceedings of the twelfth workshop on mobile computing systems and applications. New York, USA: ACM; 2012. p. 9:1–6. http://dx.doi.org/10.1145/2162081.2162095.

Pal S, Henderson T. MobOCloud: extending cloud computing with mobile opportunistic networks. In: Proceedings of the 8th ACM MobiCom workshop on Challenged networks. Miami, Florida, USA: ACM; 2013. p. 57–62. http://dx.doi.org/10.1145/2505494.2505503.

Park C-S. Authentication protocol providing user anonymity and untraceability in wireless mobile communication systems. Comput Netw 2004;44(2):267–73. http://dx.doi.org/10.1016/j.comnet.2003.09.001.

Park J, Yi K, Park J. SSP-MCloud: a study on security service protocol for smartphone centric mobile cloud computing. In: Park JJ, Arabnia H, Chang H-B, Shon T, editors. IT convergence and services lecture notes in electrical engineering. Lecture notes in electrical Engineering, vol. 107. Netherlands: Springer; 2011. p. 165–72. http://dx.doi.org/10.1007/978-94-007-2598-0_18.

Peng S, Yu S, Yang A. Smartphone malware and its propagation modeling: a survey. IEEE Commun Surv Tutor 2014;16(2):925–41. http://dx.doi.org/10.1109/SURV.2013.070813.00214.

Popa D, Cremene M, Borda M, Boudaoud K. A security framework for mobile cloud applications. In: 11th IEEE conference on roedunet international conference. Sinaia, Romania: IEEE; 2013. p. 1–4. http://dx.doi.org/10.1109/RoEduNet.2013.6511724.

Qureshi SS, Ahmad T, Rafique K, Shuja Ul I. Mobile cloud computing as future for mobile applications—implementation methods and challenging issues. In: 2011 IEEE international conference on cloud computing and intelligence systems. Beijing, China: IEEE Computer Society; 2011. p. 467–71. http://dx.doi.org/10.1109/CCIS.2011.6045111.

Ra M-R, Sheth A, Mummert L, Pillai P, Wetherall D, Govindan R. Odessa: enabling interactive perception applications on mobile devices. In: Proceedings of the 9th international conference on mobile systems, applications, and services. New York, USA: IEEE Computer Society; 2011. p. 43–56.

Rahimi MR, Venkatasubramanian N, Vasilakos AV. MuSIC: mobility-aware optimal service allocation in mobile cloud computing. In: IEEE sixth international conference on cloud computing. Santa Clara Marriott, USA: IEEE; 2013. p. 75–82. http://dx.doi.org/10.1109/CLOUD.2013.100.

Rahul S, Sharda DJK. Security and privacy issues in cloud computing. Int J Eng Res Technol 2013;2(3).

Ren W, Yu L, Gao R, Xiong F. Lightweight and compromise resilient storage outsourcing with distributed secure accessibility in mobile cloud computing. Tsinghua Sci Technol 2011;16(5):520–8.

Riley M, Akkaya K, Fong K. A survey of authentication schemes for vehicular ad hoc networks. Secur Commun Netw 2011;4(10):1137–52. http://dx.doi.org/10.1002/sec.239.

Ruj S, Stojmenovic M, Nayak A. Privacy preserving access control with authentication for securing data in clouds. In: 12th IEEE/ACM international symposium on cluster, cloud and grid computing. Ottawa, Canada: IEEE; 2012. p. 556–63.

Sanaei Z, Abolfazli S, Shiraz M, Gani A. SAMI: service-based arbitrated multi-tier infrastructure model for mobile cloud computing. In: Proceedings of the IEEE MobiCC'12. Beijing, China: IEEE; 2012. p. 14–9.

Sanaei Z, Abolfazli S, Gani A, Buyya R. Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Commun Surv Tutor 2013;16(1):369–92. http://dx.doi.org/10.1109/SURV.2013.050113.00090.

Sang-Ho S, Dong-Hyun K, Yoo K-Y. A lightweight multi-user authentication scheme based on cellular automata in cloud environment. In: 2012 IEEE 1st international conference on cloud networking. Paris, France: IEEE; 2012. p. 176–8. http://dx.doi.org/10.1109/CloudNet.2012.6483680.

Satyanarayanan M, Bahl P, Caceres R, Davies N. The case for VM-based cloudlets in mobile computing. IEEE Pervas Comput 2009;8(4):14–23. http://dx.doi.org/10.1109/MPRV.2009.82.

Schwab D, Yang L. Entity authentication in a mobile-cloud environment. In: 8th annual cyber security and information intelligence research workshop: federal cyber security R and D program thrusts. Oak Ridge, United States: ACM; 2013. http://dx.doi.org/10.1145/2459976.2460024.

Shahzad A, Hussain M. Security issues and challenges of mobile cloud computing. Int J Grid Distrib Comput 2013;6(6):37–50. http://dx.doi.org/10.14257/ijgdc.2013.6.6.04.

Sheng X, Gong W. Mobility can help: protect user identity with dynamic credential. In: 2010 eleventh international conference on mobile data management. Kansas City, USA: IEEE; 2010. p. 378–80. http://dx.doi.org/10.1109/MDM.2010.73.

Shi E, Niu Y, Jakobsson M, Chow R. Implicit authentication through learning user behavior. In: Burmester M, Tsudik G, Magliveras S, Ilić I, editors. Information security. Lecture notes in computer science, Vol. 6531. Berlin, Heidelberg: Springer; 2011. p. 99–113. http://dx.doi.org/10.1007/978-3-642-18178-8_9.

Shon T, Cho J, Han K, Choi H. Toward advanced mobile cloud computing for the internet of things: current issues and future direction. Mob Netw Appl 2014;19(3):404–13. http://dx.doi.org/10.1007/s11036-014-0509-8.

Shojafar M, Javanmardi S, Abolfazli S, Cordeschi N. FUGE: A joint meta-heuristic approach to cloud job scheduling algorithm using fuzzy theory and genetic method. Cluster Compute 2015;18(2):829–44.

Si P, Zhang Q, Richard YF, Zhang Y. QoS-aware dynamic resource management in heterogeneous mobile cloud computing networks. China Commun 2014;11(4):144–59.

Simmons GJ. A survey of information authentication. Proc IEEE 1988;76(5):603–20. http://dx.doi.org/10.1109/5.4445.

Singh M, Singh S. Design and implementation of multi-tier authentication scheme in cloud. Int J Comput Sci Issues 2012;9(5 5-2):181–7.

Song Z, Molina J, Lee S, Lee H, Kotani S, Masuoka R. TrustCube: an infrastructure that builds trust in client. In: Gawrock D, Reimer H, Sadeghi A-R, Vishik C, editors. Future of trust in computing. Vieweg+Teubner; 2009. p. 68–79. http://dx.doi.org/10.1007/978-3-8348-9324-6_8.

Song R, Li S, Yao Z, Li X. Design and implementation of the web content adaptation for intelligent tourism cloud platform. In: 2012 international conference on control engineering and communication technology. Liaoning, China: IEEE; 2012. p. 759–62. http://dx.doi.org/10.1109/ICCECT.2012.100.

Sood SK. A combined approach to ensure data security in cloud computing. J Netw Comput Appl 2012;35(6):1831–8. http://dx.doi.org/10.1016/j.jnca.2012.07.007.

Sookhak M, Talebian H, Ahmed E, Gani A, Khan MK. A review on remote data auditing in single cloud server: taxonomy and open issues. J Netw Comput Appl 2014;43(August):121–41. http://dx.doi.org/10.1016/j.jnca.2014.04.011.

Sue-Chen H, Jing-Yan L, Ming-Yen L. Secure cloud storage for convenient data archive of smart phones. In: 2011 IEEE 15th international symposium on consumer electronics. Singapore: IEEE; 2011. p. 156–61. http://dx.doi.org/10.1109/ISCE.2011.5973804.

Thorwat MPD, Shetty MS. Implementation of multilevel authentication scheme for multicloud environment. In: International conference on information and communication technologies. Karnataka, India; 2014. p. 247–52.

Tolia N, Andersen DG, Satyanarayanan M. Quantifying interactive user experience on thin clients. Computer 2006;39(3):46–52.

Truong T-T, Tran M, Duong A-D. Robust mobile device integration of a fingerprint biometric remote authentication scheme. In: 26th IEEE international conference on advanced information networking and applications. Fukuoka, Japan: Institute of Electrical and Electronics Engineers Inc.; 2012. p. 678–5. http://dx.doi.org/10.1109/AINA.2012.47.

Verbelen T, Simoens P, De Turck F, Dhoedt B. Adaptive deployment and configuration for mobile augmented reality in the cloudlet. J Netw Comput Appl 2014;41(May):206–16. http://dx.doi.org/10.1016/j.jnca.2013.12.002.

Wang JK, Jia X. Data security and authentication in hybrid cloud computing model. In: 2012 IEEE global high tech congress on electronics. Shenzhen, China: IEEE; 2012. p. 117–20. http://dx.doi.org/10.1109/GHTCE.2012.6490136.

Wang Y, Streff K, Raman S. Smartphone security challenges. Computer 2012;45(12):52–8. http://dx.doi.org/10.1109/MC.2012.288.

Wang S-C, Liao W-P, Yan K-Q, Wang S-S, Tsai S-H. Security of cloud computing lightweight authentication protocol. In: 2nd international conference on engineering and technology innovation 2012. Kaohsiung, Taiwan: Trans Tech Publications; 2013. p. 3502–6. http://dx.doi.org/10.4028/www.scientific.net/AMM.284-287.3502.

Weiwei J, Haojin Z, Zhenfu C, Lifei W, Xiaodong L. SDSM: a secure data service mechanism in mobile cloud computing. In: 2011 IEEE conference on computer communications workshops. Shanghai, China: IEEE; 2011. p. 1060–5. http://dx.doi.org/10.1109/INFCOMW.2011.5928784.

Xia F, Ding F, Li J, Kong X, Yang L, Ma J. Phone2Cloud: exploiting computation offloading for energy saving on smartphones in mobile cloud computing. Inf Syst Front 2014;16(1):95–111. http://dx.doi.org/10.1007/s10796-013-9458-1.

Xiao Z, Xiao Y. Security and privacy in cloud computing. IEEE Commun Surv Tutor 2013;15(2):843–59.

Xuanxia Y, Xiaoguang H, Xiaojiang D. A lightweight access control mechanism for mobile cloud computing. In: 2014 IEEE conference on computer communications workshops. Toronto, Canada: IEEE; 2014. p. 380–5. http://dx.doi.org/10.1109/INFCOMW.2014.6849262.

Xu L, Zheng X, Guo W, Chen G. A cloud-based monitoring framework for smart home. In: 4th IEEE international conference on cloud computing technology and science. Taipei, Taiwan: IEEE Computer Society; 2012. p. 805–10. http://dx.doi.org/10.1109/CloudCom.2012.6427534.

Xu L, Cao X, Zhang Y, Wu W. Software service signature (S3) for authentication in cloud computing. Clust Comput 2013;16(4):1–10. http://dx.doi.org/10.1007/s10586-013-0262-y.

Yang SY, Hsu CL, Lee DL. An ontology-supported ubiquitous interface agent for cloud computing-example on Bluetooth wireless technique with java programming. In: Ninth international conference on and cybernetics. Qingdao, China: IEEE; 2010. p. 2971–8.

Yang S, Kwon Y, Cho Y, Yi H, Kwon D, Youn J, et al. Fast dynamic execution offloading for efficient mobile cloud computing. In: 2013 IEEE international conference on pervasive computing and communications (PerCom). San Diego, USA: IEEE; 2013. p. 20–8. http://dx.doi.org/10.1109/PerCom.2013.6526710.

Yang S, Kwon D, Yi H, Cho Y, Kwon Y, Paek Y. Techniques to minimize state transfer costs for dynamic execution offloading in mobile cloud computing. IEEE Trans Mob Comput 2014;13(11):2648–60. http://dx.doi.org/10.1109/TMC.2014.2307293.

Yao D, Yu C, Jin H, Zhou J. Energy efficient task scheduling in mobile cloud computing. In: Hsu C-H, Li X, Shi X, Zheng R, editors. Network and parallel computing. Lecture notes in computer science, vol. 8147. Berlin, Heidelberg: Springer; 2013. p. 344–55. http://dx.doi.org/10.1007/978-3-642-40820-5_29.

Yassin AA, Jin H, Ibrahim A, Zou D. Anonymous password authentication scheme by using digital signature and fingerprint in cloud computing. In: Second international conference on cloud and green computing. Xiangtan, China: IEEE; 2012. p. 282–9. http://dx.doi.org/10.1109/CGC.2012.91.

Yongqing S, Xiang Z. Desktop cloud-based research on unified authentication architecture. In: 2012 spring congress on engineering and technology. Xian, China: IEEE; 2012. p. 1–4. http://dx.doi.org/10.1109/SCET.2012.6342101.

Yoon E-J, Choi S-B, Yoo K-Y. A secure and efficiency ID-based authenticated key agreement scheme based on elliptic curve for mobile devices. Comput Sci Eng 2012;8(4):2637–53.

Yu X, Wen Q. Design of security solution to mobile cloud storage. In: Tan H, editor. Knowledge discovery and data mining- advances in intelligent and soft computing. Berlin, Heidelberg: Springer; 2012. p. 255–63. http://dx.doi.org/10.1007/978-3-642-27708-5_34.

Yu X, Wen Q. A protect solution for data security in mobile cloud storage. In: 5th international conference on machine vision: algorithms, pattern recognition and basic technologies. Wuhan, China: SPIE; 2013. http://dx.doi.org/10.1117/12.2014030.

Yu-Jia C, Li-Chun W. A security framework of group location-based mobile applications in cloud computing. In: 40th international conference on parallel processing workshops. Taipei City: IEEE; 2011. p. 184–90. http://dx.doi.org/10.1109/ICPPW.2011.6.

Zeng P, Cao Z, Choo K-k, Wang S. On the anonymity of some authentication schemes for wireless communications. IEEE Commun Lett 2009;13(3):170–1. http://dx.doi.org/10.1109/LCOMM.2009.081821.

Zhang Z-h, Li J-j, Jiang W, Zhao Y, Gong B. An new anonymous authentication scheme for cloud computing. In: 7th international conference on computer science and education. Melbourne, Australia: IEEE; 2012. p. 896–8. http://dx.doi.org/10.1109/ICCSE.2012.6295212.

Zhang J, Liu YS, Xue L. A remote monitoring system based on measuring instrument cloud. In: 4th international conference on industry, information system and material engineering. Switzerland, Nanjing, China: Trans Tech Publications; 2014. p. 525–9. http://dx.doi.org/10.4028/www.scientific.net/AMR.1014.525.

Zhi-Hua Z, Jiang X-F, Jian-Jun L, Wei J. An identity-based authentication scheme in cloud computing. In: 2012 international conference on industrial control and electronics engineering. Xi'an, China: IEEE; 2012. p. 984–6. http://dx.doi.org/10.1109/ICICEE.2012.261.

Zhou Z, Huang D. Efficient and secure data storage operations for mobile cloud computing. In: Proceedings of the 8th international conference on network and service management. International Federation for Information Processing, Las Vegas, USA; 2012. p. 37–45.

Zhu H, Lin X, Shi M, Ho P-h, Shen XS. PPAB: a privacy-preserving authentication and billing architecture for metropolitan area sharing networks. IEEE Trans Veh Technol 2009;58(5):2529–43. http://dx.doi.org/10.1109/TVT.2008.2007983.

Zhu X, Yang LT, Chen H, Wang J, Yin S, Liu X. Real-time tasks oriented energy-aware scheduling in virtualized clouds. IEEE Trans Cloud Comput 2014;2(2):168–80. http://dx.doi.org/10.1109/TCC.2014.2310452.

Zissis D, Lekkas D. Addressing cloud computing security issues. Future Gener Comput Syst 2012;28(3):583–92. http://dx.doi.org/10.1016/j.future.2010.12.006.