ISSN: 2312-7694
Cecil et al, / International Journal of Computer and Communication System Engineering (IJCCSE), Vol. 2 (5), 2015, 671-675
671 | P a g e
© IJCCSE All Rights Reserved Vol. 02 No.05 Oct 2015 www.ijccse.com
Dynamic Key Based User Authentication (DKBUA)
Framework for MobiCloud Environment
A. Cecil Donald
Research Scholar in Computer Science
St. Joseph’s College (Autonomous)
Tiruchirappalli, Tamil Nadu, India
M. Regin
M. Phil. Scholar in Computer Science
St. Joseph’s College (Autonomous)
Tiruchirappalli, Tamil Nadu, India
Dr. A. Aloysius
Assistant Professor in Computer Science
St. Joseph’s College (Autonomous)
Tiruchirappalli, Tamil Nadu, India
Dr. L. Arockiam
Associate Professor in Computer Science
St. Joseph’s College (Autonomous)
Tiruchirappalli, Tamil Nadu, India
Abstract— Mobile Cloud Computing (MCC) is a profitable field in
business, and it reduces the running and development costs of
mobile applications and mobile users. In this emerging
technology, security is the main issue, as it combines the concepts
of Mobile Computing and Cloud Computing. This paper focuses on
authentication, which is one of the five pillars of Information
Assurance (IA). A critical analysis is made of the various
existing mechanisms. In this paper, a user authentication
framework is proposed to authenticate users in the mobile cloud
environment using a Dynamic Key Generation Algorithm. The
algorithm is divided into six phases: Registration,
Communication, Key Generation, Key Sending, Encryption &
Decryption and Authentication. The proposed algorithm is
lightweight, which reduces the computation load, and is easy to use.
The process of encryption and decryption is used to make the
communication more secure. Moreover, the proposed work is
resilient against Denial of Service (DoS), known-plaintext,
masquerading and insider attacks.
Index Terms— Authentication, Key Generation, Mobile Cloud
Computing (MCC), Security, Dynamic Key.
I. INTRODUCTION
Mobile Cloud Computing (MCC) is a rich technology for
mobile devices. The main goal of MCC is to enable the execution
of rich mobile applications on mobile devices, with a rich user
experience. MCC provides more opportunities for cloud
providers as well as Mobile Network Providers. The secure
communication of today’s mobile devices is of high interest
because threats have increased and it is no longer easy to
handle billions of devices securely [1]. Authentication is
the most important factor in protecting systems against attacks;
authentication methods should be lightweight, and their
computation and communication costs should be low [2]. The
combination of cloud computing and mobile computing
gives rise to mobile cloud computing, which also presents new
security threats such as unauthorized access to
resources in the mobile cloud. In MCC, authentication is the
main security issue, as it is the doorstep for all processes. The
proposed framework uses a Pseudo Random Number
Generation (PRNG) algorithm to generate the key. The
proposed algorithm resists Denial of Service (DoS), plaintext,
masquerading and insider attacks. It takes
less time for key generation. Section II describes the
motivation of the research work. Section III discusses
related authentication mechanisms and methodologies, and Section
IV analyses and compares the existing authentication
mechanisms. Section V presents the issues and challenges of
authentication mechanisms, and Section VI presents the
proposed framework, its components, the workflow diagram and
the algorithm for the proposed work. Section VII presents the
results and discussion of the proposed work and, finally,
Section VIII concludes the paper.
II. MOTIVATION
Mobile computing is an emerging technology. MCC has
many open issues which are not yet solved. Security is one of
the major issues in the mobile cloud environment. Authentication
is one of the important factors in security and is used to
protect users’ data from unauthorized access. Traditional
authentication methods did not provide reliable security to the
user and the Cloud Service Provider. So, it is essential to
develop an efficient mechanism to provide better security for
users’ data in the mobile cloud environment. The mechanism
developed should be lightweight.
III. LITERATURE BACKGROUND
Laleh Boroumand et al. [3] have proposed a port knocking
method for authentication in mobile cloud computing. Current
port knocking methods are divided into two main categories:
static and dynamic knock sequences. The port
knocking authentication methods are compared on the basis of
significant parameters that illustrate the commonalities and
differences in current methods. In this paper they also
discussed the integrity and suitability of the port knocking
authentication method for Mobile Cloud Computing. Port
knocking method provides a lightweight application layer
solution for addressing the security issues in Mobile Cloud
Computing. It provides a suitable security layer to ensure
authentic communication between smart mobile devices and
Mobile Cloud Computing. Current port-knocking
authentication methods are compared based on static or
dynamic knocked sequences, which tend to solve the Network
Address Translation knock and Denial of Service attacks.
Costin Andrei et al. [4] described a method for
implementing two-factor authentication using smart phones as
software tokens. The proposed system will use the mobile
phone as software token and generate unique one time
passwords (OTP). It will be used when authenticating to an
Internet Banking application. The tokens can also serve as a
method of signing online money orders. They have focused on
the implementation of two-factor authentication on any
smartphone that allows third-party developers to add and run
applications, such as Android, Apple's iOS, Windows Phone,
BlackBerry OS and Symbian. The implemented demo application
was created only for Android, but can easily be written for any
other operating system.
Bhavana et al. [5] have proposed a new framework called
Password Authentication System for Cloud Environment
(PASCE), which is immune to the common attacks suffered by
other verification schemes. PASCE uses a graphical authentication
system with the image in reshuffled format when data is
uploaded to or downloaded from the cloud account. This technique
can be classified into two categories:
1. Recognition-based graphical technique.
2. Recall-based graphical technique.
No password information is exchanged between the client
and the server when using the PAS authentication system. The
strength of PASCE is that it creates a good verification space.
Thamba Meshach et al. [6] presented the current state of
mobile-cloud authentication technology and the proposed
system Mobile Cloud Key Exchange (MCKE), an
authenticated key exchange scheme that aims at efficient
authentication. This scheme is designed based on randomness-
reuse strategy and Internet Key Exchange (IKE) scheme.
Theoretical analysis and simulation results are compared with
the IKE scheme; the Mobile Cloud Key Exchange scheme can
improve the efficiency and reduce time consumption and
computation load without sacrificing the level of security. This
scheme has been designed based on the commonly-used
Internet Key Exchange (IKE) scheme and randomness-reuse
strategy.
Chunhua Chen et al. [7] proposed a general scheme that
converts a simple static password authentication mechanism
into a one-time password (OTP) system using the GAA key
establishment service. The scheme uses a GAA-enabled user
device and a GAA-aware server. OTP systems use a dedicated
key-bearing token, so that the user device does not need to be
user or server specific, and can be used in the protocol with no
registration or configuration (except for the installation of the
necessary application software). The proposed scheme is
secure, scalable and fits well with the multi-institution scenario,
and enables the provision of ubiquitous and on-demand OTP
services. The user needs only a GAA-enabled mobile phone with a
valid subscription.
Mahnoush Babaeizadeh et al. [8] have proposed Keystroke
Dynamic Authentication (KDA). It is a type of behavioral
biometric authentication, based on the behavioral style of each
person’s typing on a keyboard. It can identify users based on
their habitual typing pattern. Keystroke dynamics refers to
the process of measuring a human’s typing rhythm on digital
devices. In other words, it is not important what you type,
but how you type. In this paper, Google Drive is considered as
the data storage. The authors have used keystroke authentication in
mobile communication. It helps to identify users based on their
unique behavioral biometric and, unlike other biometric
methods, keystroke analysis does not require the aid of extra
special tools. Therefore, it is cheaper than other types of
biometric authentication methods.
Deepak et al. [9] proposed a secure mobile cloud-based
algorithm, where the user's mobile phone is used as an
authentication device, presenting a one-time encrypted
password to the user; the password is decrypted using a
Dynamic Key Generation algorithm in the user's mobile application.
The authors also described key security considerations and
challenges which are currently faced in the Cloud.
IV. ANALYSIS ON EXISTING MECHANISMS
From the literature on existing authentication mechanisms
[10], a comparative analysis is made to clearly understand the
problems in Mobile Cloud, as shown in Table I.
TABLE I. ANALYSIS OF VARIOUS AUTHENTICATION MECHANISMS
Author | Proposed Work | Advantages | Drawbacks / Limitations
Francisco et al. | One- two- and three factor authentication Mechanism | Provides Strong security, Easy to use | Not suitable for all environments
Yogesh Patel et al. | Multilevel Authentication | Provides service level security and provides User Based Access Control | User needs to enter credentials every session
Yeh et al. | Visual Password Authentication Scheme | No need to remember any passwords | Larger variability in the voiceprint characteristics, Information Loss
Rassan et al. | Fingerprint Authentication Mechanism | Improved Performance and Security | No input is allowed from user to enter the system
Vineet Guha et al. | Key Generation Mechanism | Network Key, Suits SaaS & PaaS | Inaccurate results
Indrajit Das et al. | Authentication Mechanism | Light weight | Not Secure
Mohammad et al. | Lightweight Authentication Protocol | Easy and Reduces Latency | Consumes more time especially in wireless communications.
Jin et al. | Mobile Device authentication | Supports authorization service, device certification | RADIUS server can’t provide security services
Davit | Authentication and Authorization techniques | Flexible, security, reliable and effective | No Privacy
Chow et al. | Behavioral Authentication | Trust Cube Method | Not Supported for all devices
Gokaj et al. | Mobile Signature Authentication | Lightweight Mechanism | Unable to detect the attacks
Deepa et al. | Multifactor authentication using smart phones as software tokens. | No external Devices and generates unique One Time Passwords (OTP) | User Anonymity and Availability is not addressed
Sanjoli et al. | Rijndael encryption with EAP-CHAP encryption | Provides Authentication and Authorization | Prone Server Port attack
Kashif et al. | SSO based authentication | Ability to access Multiple Services | Prone to man-in-the-Middle Attack
Neha et al. | Data encryption and Key Exchange mechanism | Secure Connection | Time delay due to Complexity
V. ISSUES AND CHALLENGES
From the comprehensive literature review of existing and
proposed frameworks of MCC explained in the above section,
it is evident that there are some major issues and challenges in
MCC. Those issues and challenges are highlighted and
categorized below. The security related issues are then divided
into two broad categories as listed below.
A. Mobile Cloud Infrastructure Issues
B. Mobile Cloud Communication Channel Issues
A. Mobile Cloud Infrastructure Issues
From the cloud infrastructure point of view, a variety of
attacks are possible on the cloud. Some of these attacks
are given below.
• Attacks on Virtual Machines
• Authorization and Authentication
• Attacks from Local Users
• Hybrid Cloud Security Management Issues
B. Mobile Cloud Communication Channel Issues
A lot of improvement needs to be done in the mobile
cloud communication channel. The following attacks
exist on the communication channel.
• Access Control Attacks
• Attacks on Authentication
• Attacks on Availability
• Data Integrity Attacks
VI. PROPOSED AUTHENTICATION FRAMEWORK
The proposed mechanism has six phases, each of which
is involved in the authentication process. Fig 1 shows the
methodology of the proposed authentication mechanism.
A. Components of Framework
i. Users
The user uses a mobile device to access the cloud
application services through a login process. Users can be
classified as Individual Users, Enterprise Users,
Administrators, etc.
ii. Mobile Network (MN)
The Mobile Network (MN) plays an important role in the
Mobile Cloud, as it provides the network to the user. It
acts as an intermediary between the mobile user and the server.
The MN authenticates the user by using existing strong
mechanisms like AAA, which resides in the AAA Server /
RADIUS Server.
Fig 1. Proposed MobiCloud Authentication Framework
iii. Authentication Server (AS)
The Authentication Server performs the authentication
using an efficient algorithm. The purpose is to validate the
user’s identity using user credentials like username,
password and other unique entities. When the user submits
his/her details, the AS receives the request in encrypted
form so that no intermediary can view or understand the data.
iv. Cloud Storage
The database is a structured collection of records, files or
data which is used to store the user’s details in the computer
system.
v. Key Generator (KG)
The Key Generator plays a vital role in the authentication
process: it generates the key for performing
authentication and granting access to the appropriate cloud
services. Keys can be of two types: one is the Symmetric
Key, where a single key is used for both
encryption and decryption, and the other is the Asymmetric Key,
which uses two keys, i.e., a Private Key and a Public
Key.
vi. Cloud Service Provider (CSP)
Cloud Service Provider is a third party who provides
the Cloud Services. CSP shall provide any kind of services
on the “Pay-as-you-go” basis. Google, Amazon, IBM are
the major Cloud Service Providers. The CSP has the tie-up
with the user using Cloud Resource Policy / Service Level
Agreement (SLA).
B. Authentication Phase
Registration is done only once, when a mobile user
wants to access mobile cloud services. After registration,
whenever the mobile user wants to use mobile cloud services,
he/she must be authenticated. The mobile user submits
his/her login details and unique information to the Cloud
Authentication Server (CAS). Those details are encrypted
and stored in the cloud database. The cloud server then
checks the identity and, if it matches, the user is prompted
for the key. At the same time, the key generator generates a key,
which is sent to the user and also to the database through
the CAS. The user provides the
received key to the CAS to access the desired cloud
services. The CAS checks the
key and grants access if it matches. Access is
controlled by the Cloud Controller (CC). Finally, the Cloud
Controller provides the Cloud Application Services.
C. Workflow Diagram of Proposed Work
Fig 2. Process Flow Diagram for Authentication (flowchart; node labels: User, Registration, Login, Checks Authorized or Not, Re-login / Unauthorized User, Insists for Key Generation, Key with Acknowledgement, Authentication Server, Check for Key Matching, Access Cloud Services, Invalid Key, Deny Access; branch labels: Yes, No)
D. Dynamic Key Generation Algorithm
Table II gives the encryption algorithm, which
generates a key using Pseudo Random
Number Generation (PRNG). Here, a cryptographically
strong PRNG algorithm is used, whose output no
intruder can predict because of its high randomness. Then, each
character is converted into its ASCII character code. The
log function is applied to the obtained result. Finally, a
trigonometric function is applied to the value and the result
is rounded. This rounded value
acts as the key and is sent to the desired user.
TABLE II. ALGORITHM FOR ENCRYPTION
Step 1: Generate random string using PRNG.
        //Generated random string may be A-Z, a-z, 0-9 //
Step 2: Convert each character into its equivalent ASCII code.
Step 3: Apply log function to the obtained result in step 2.
Step 4: Apply trigonometric function to the result obtained in the step 3. Round the value to 4 decimal places.
Step 5: Transmit the key (step 4 result) to mobile device of the user.
Table III shows the algorithm for decrypting
the encrypted key. The decryption process takes place on the
user side to avoid insider attacks. After the decryption process,
the key is sent to the Authentication Server (AS). If the
key matches, the AS grants the user access to the cloud
services.
TABLE III. ALGORITHM FOR DECRYPTION
Step 1: Mobile Device receives the Key sent by Key Generator.
Step 2: Shifting the number of decimal places indicated by the last bit of the encrypted key.
        //If the key is 441312, the number of places shifted should be 2 from left to right. So, the value obtained is 44.131//
Step 3: Apply inverse of sine function to the key
        //This helps in the reverse process of getting the original key//
Step 4: Apply Antilog function to the obtained result in Step 3.
Step 5: The result of step 4 will give the original key in the numerical format.
Step 6: The result obtained in the step 5 is then converted into ASCII code to get the original string.
Step 7: This key is sent to the authentication server for getting access to cloud applications.
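A round trip through Tables II and III followed by the server-side key match, added here as an illustration; it is not the authors' Java implementation. Assumptions the paper does not state: each character is transformed separately, the log is base 10, the trigonometric function is sine in radians, the string length is 5, and the trailing digit counts the digits before the decimal point (as in the 441312 / 44.131 example).

```python
import hmac
import math
import secrets
import string

# Table II, Step 1 comment: the random string is drawn from A-Z, a-z, 0-9.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits


def generate_random_string(length=5):
    """Table II, Step 1, using the OS CSPRNG (length 5 is an assumption)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def pack(value):
    """Drop the decimal point and append one digit giving its position
    (assumed inverse of Table III, Step 2: 44.131 <-> 441312)."""
    whole, frac = f"{value:.4f}".split(".")
    return whole + frac + str(len(whole))


def unpack(token):
    """Table III, Step 2: re-insert the decimal point after `places` digits."""
    digits, places = token[:-1], int(token[-1])
    return float(digits[:places] + "." + digits[places:])


def encode_char(ch):
    """Table II, Steps 2-4 for one character (assumed: log10, sine in radians)."""
    x = math.log10(ord(ch))
    return pack(round(math.sin(x), 4))


def decode_char(token):
    """Table III, Steps 3-6 for one character.

    For codes 48..122, log10(code) lies between pi/2 and pi, where asin()
    returns pi - x rather than x, so the angle is recovered as pi - asin(y).
    """
    y = unpack(token)
    x = math.pi - math.asin(y)
    return chr(round(10 ** x))  # antilog, then ASCII code back to character


def encode_key(text):
    return [encode_char(ch) for ch in text]


def decode_key(tokens):
    return "".join(decode_char(t) for t in tokens)


def failing_chars(alphabet):
    """Characters that do not survive encode -> decode after 4-decimal rounding."""
    return [ch for ch in alphabet if decode_char(encode_char(ch)) != ch]


def verify(submitted, stored):
    """Authentication Server check (Table III, Step 7), compared in constant time."""
    return hmac.compare_digest(submitted.encode(), stored.encode())


if __name__ == "__main__":
    original = generate_random_string()   # kept by the server for matching
    tokens = encode_key(original)         # transmitted to the mobile device
    recovered = decode_key(tokens)        # computed on the device
    print(original, tokens, recovered, verify(recovered, original))
    # Under these assumptions the A-Z, a-z, 0-9 alphabet is lossless, but
    # symbols such as those in Table IV's sample strings are not guaranteed
    # to be: '%' and '&' both round to 1.0000 and decode to the same character.
    print(failing_chars(ALPHABET), failing_chars("%&"))
```
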
VII. RESULTS AND DISCUSSIONS
The proposed algorithm is simulated in Java NetBeans 8 to
show the time taken for generating the key. The code is written
for both encryption and decryption, as given in Table II and
Table III respectively. It is important to note that the time taken
for decryption is comparatively less than the time taken for
decrypting the key. The obtained results are tabulated in
Table IV below.
TABLE IV. TIME TAKEN FOR GENERATING KEY
S. No. Random Number Obtained key Time Taken (ms)
1 2Y%-a 999087 8
2 8W&o2 532466 24
3 6(A@n 380928 11
4 %0X2!k 566884 39
5 +9;sB 997240 17
VIII. CONCLUSION
This research work mainly focuses on secure
authentication. Using authentication parameters, users’
sensitive data can be protected from internal and external
attacks. The proposed framework is used for identifying and
protecting users’ data. A key generation mechanism is proposed
to identify and authenticate the user’s data. Using this
mechanism, the encryption and decryption process is done.
A cryptographic (Symmetric Key) technique is used to provide
secure communication between the Cloud Service Provider and
users. It is more secure and efficient.
REFERENCES
[1] R. Gokaj, M.Ali Aydin, R, Selami Zbey, “Mobile Cloud
Authentication and Secure Communication”, In Proc. of
International Conference on Information Security and
Cryptology, September 2013.
[2] Mohammad Rasoul momeni, Iman reza, “A lightweight
Authentication scheme for Mobile Cloud Computing”,
International Journal of Computer Science and Business
Informatics, Vol. 14, No. 2, ISSN: 1694-2108, September 2014,
pp. 56-61.
[3] Laleh Boroumand, Muhammad shiraz, Abdulla gani, Suleman
Khan, Syed Adeel ali shah, “A Review on Port knocking
Authentication Methods for Mobile cloud computing”, Journal
of Centre for mobile cloud computing research (C4MCCR),
Vol.4, Issue.2, October 2013.
[4] Costin Andrei, “Internet Banking Two-factor Authentication
using Smart Phones”, Journal of Mobile, Embedded and
Distributed Systems, Vol. 4, Issue 1, ISSN: 2067-4074, June
2012.
[5] Bhavana A., Alekhya V., Deepak K., Sreenivas, “Password
Authentication System for Cloud Environment”, International
Journal of Advanced Computer Science and Information
Technology (IJACSIT), Vol. 2, Issue 1, ISSN: 2320-0235,
January 2013.
[6] Thamba Meshach, K. S. Suresh Babu, “Secured and Efficient
Authentication Scheme for Mobile Cloud”, International Journal
of Innovations in Engineering and Technology (IJIET), Vol. 2,
Issue 1, ISSN: 2319-1058, February 2013.
[7] Chunhua Chen, Chris J. Mitchell, Shaohua Tang, “Ubiquitous
One Time Password (OTP) Service using the Generic
Authentication Architecture”, Mobile Network Applications,
ISSN.738-747, November 2013.
[8] Mahnoush Babaeizadeh, Majid Bakhitiari and Mohd Aizaini
Maarof, “Keystroke Dynamic Authentication in Mobile Cloud
Computing”, International Journal of Computer Applications
(IJCA), Vol. 90, Issue 1, March 2014, pp. 29-36.
[9] Deepak G., Pradeep B., S. Shreyas Srinath, “Dynamic Key
Generation Algorithm for User Authentication at Mobile Cloud
Environment”, International Journal of Science and Research
(IJSR), Vol. 3, Issue 7, ISSN: 2319-7064, July 2014.
[10] A. Cecil Donald and L. Arockiam, “A Unified Cloud
Authenticator for Mobile Cloud Computing Environment”,
IJCA Proceedings on International Conference on Advanced
Computing and Communication Techniques for High
Performance Applications (ICACCTHPA 2014), February 2015,
ISSN: 0975 – 8887, pp. 29-34.

Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environment

  • 1.
    ISSN: 2312-7694 Cecil etal, / International Journal of Computer and Communication System Engineering (IJCCSE), Vol. 2 (5), 2015, 671-675 671 | P a g e © IJCCSE All Rights Reserved Vol. 02 No.05 Oct 2015 www.ijccse.com Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environment A. Cecil Donald Research Scholar in Computer Science St. Joseph’s College (Autonomous) Tiruchirappalli, Tamil Nadu, India M. Regin M. Phil. Scholar in Computer Science St. Joseph’s College (Autonomous) Tiruchirappalli, Tamil Nadu, India Dr. A. Aloysius Assistant Professor in Computer Science St. Joseph’s College (Autonomous) Tiruchirappalli, Tamil Nadu, India Dr. L. Arockiam Associate Professor in Computer Science St. Joseph’s College (Autonomous) Tiruchirappalli, Tamil Nadu, India Abstract— Mobile Cloud Computing (MCC) is the profitable field in business and it reduces the running and developing cost of mobile applications and mobile users. In this emerging technology security is the main issue as it combines the concept of Mobile Computing and Cloud Computing. This paper focuses on the Authentication which is one of the five pillars of Information Assurance (IA). Critical analysis is made based on the various existing mechanisms. In this paper, a user authentication framework is proposed to authenticate users in mobile cloud environment using Dynamic Key Generation Algorithm. The algorithm is categorized into six phases: Registration, Communication, Key Generation, Key Sending, Encryption & Decryption and Authentication. The proposed algorithm is lightweight which reduces the computation load and easy to use. The process of encryption and decryption is used to make the communication more secure. Moreover, the proposed work is resilient against Denial of Service (DoS) attack, Known plaintext attack, Masquerading attack and insider attack. Index Terms— Authentication, Key Generation, Mobile Cloud Computing (MCC), Security, Dynamic Key. I. 
INTRODUCTION Mobile Cloud Computing (MCC) is the rich technology for mobile devices. The Main goal of MCC is to enable execution of rich mobile applications on mobile devices, with a rich user experience. MCC provides more opportunities for cloud providers as well as Mobile Network Providers. The secure communication of today’s mobile devices is of high interest because the threats have increased and it is now not easy to handle the billions of devices securely [1]. Authentication is the most important factor to protect systems against attacks, and authentication methods should be lightweight, also computation and communication costs should be little [2]. The combination of cloud computing and mobile computing introduces mobile cloud computing, which also present new issues of security threats such as unauthorized access to resources exists in mobile cloud. In MCC, Authentication is the main security issue as it is the doorstep for all process. The proposed framework uses the Pseudo Random Number Generation (PRNG) algorithm to generate the key. The proposed algorithm resists the Denial of Service (DoS), Plain Text Attack, Masquerading attack and insider attack. It takes less time for key generation. Section II describes the Motivation of the research work. Section III discusses the related authentication mechanisms and methodologies, section IV analyses and compares the existing authentication mechanisms. Section V represents issues and challenges of authentication mechanisms, and section VI presents the proposed framework, components and workflow diagram and the algorithm for proposed work. Section VII projects the results and discussions of the proposed work and finally, Section VIII concludes the paper. II. MOTIVATION Mobile computing is the emerging technology. MCC has many open issues which is not yet solved. Security is one of the major issues in Mobile cloud environment. 
Authentication is one of the important factors in security which is used to prevent user’s data from unauthorized access. Traditional Authentication methods didn’t provide a reliable security to the user and the Cloud Service Provider. So, it is essential to develop an efficient mechanism to provide better security to the user’s data in mobile cloud environment. Developing mechanism should be light weight. III. LITERATURE BACKGROUND Laleh Boroumand et al. [3] have proposed port knocking method for authentication in mobile cloud computing. Current port knocking method is divided into two main categories, which includes static and dynamic knock sequences. The port knocking authentication methods are compared on the basis of significant parameters that illustrate the commonalities and differences in current methods. In this paper they also discussed the integrity and suitability of the port knocking authentication method for Mobile Cloud Computing. Port knocking method provides a lightweight application layer solution for addressing the security issues in Mobile Cloud Computing. It provides a suitable security layer to ensure authentic communication between smart mobile devices and Mobile Cloud Computing. Current port-knocking authentication methods are compared based on static or
  • 2.
    ISSN: 2312-7694 Cecil etal, / International Journal of Computer and Communication System Engineering (IJCCSE), Vol. 2 (5), 2015, 671-675 672 | P a g e © IJCCSE All Rights Reserved Vol. 02 No.05 Oct 2015 www.ijccse.com dynamic knocked sequences, which tend to solve the Network Address Translation knock and Denial of Service attacks. Costin Andrei et al. [4] described a method for implementing two-factor authentication using smart phones as software tokens. The proposed system will use the mobile phone as software token and generate unique one time passwords (OTP). It will be used when authenticating to an Internet Banking application. The tokens can also serve as a method of signing online money orders. They have focused on the implementation of two-factor authentication on any smart- phone that allows third-party developers to add and run applications such as Android, Apple's iOS, Windows Phone, BlackBerry OS, Symbian. The implemented demo application was created for only Android, but can be easily written on any other operating system. Bhavana et al. [5] have proposed a new framework called Password Authentication System for Cloud Environment (PASCE), which is immune to the common attacks suffered by other verification schemes. Password Authentication System for Cloud Environment (PASCE) uses graphical authentication system with image in reshuffled format when the data upload/download into the cloud account. This technique can be classified into two categories: 1. Recognition-based graphical technique. 2. Recall based graphical technique. No password information is exchanged between the client and the server by using PAS authentication system. Strength of PASCE is creating a good verification space. Thamba Meshach et al. [6] presented the current state of mobile-cloud authentication technology and the proposed system Mobile Cloud Key Exchange (MCKE), an authenticated key exchange scheme that aims at efficient authentication. 
This scheme is designed based on randomness- reuse strategy and Internet Key Exchange (IKE) scheme. Theoretical analysis and simulation results are compared with the IKE scheme; the Mobile Cloud Key Exchange scheme can improve the efficiency and reduce time consumption and computation load without sacrificing the level of security. This scheme has been designed based on the commonly-used Internet Key Exchange (IKE) scheme and randomness-reuse strategy. Chunhua Chen et al. [7] proposed a general scheme that converts a simple static password authentication mechanism into a one-time password (OTP) system using the GAA key establishment service. The scheme uses a GAA-enabled user device and a GAA-aware server. OTP systems use a dedicated key-bearing token, so that the user device does not need to be user or server specific, and can be used in the protocol with no registration or configuration (except for the installation of the necessary application software). The Proposed scheme is secure, scalable and fits well to the multi-institution scenario, and enable the provision of ubiquitous and on-demand OTP services. It fits well to the multi institution scenario. User needs only a GAA enabled mobile phone with a valid subscription. Mahnoush Babaeizadeh et al. [8] have proposed Keystroke Dynamic Authentication (KDA). It is a type of behavioral biometric authentication. It is based on behavioral style of each person’s typing on a keyboard. It can identify the user based on their habitual typing pattern. Keystroke dynamics implies on the process of measuring human’s typing rhythm on digital devices. In another words, it is not important what you type, but how you type. In this paper, Google Drive is considered as data storage. Authors have used keystroke authentication in mobile communication. It helps to identify users based on their unique behavioral biometric and unlike the other biometric methods, Keystroke analysis does not require the aid of extra special tools. 
Therefore, it is cheaper than other types of biometric authentication methods.

Deepak et al. [9] proposed a secure mobile cloud-based algorithm in which the user's mobile phone is used as an authentication device: a one-time encrypted password is presented to the user, and the password is decrypted using a dynamic key generation algorithm in the user's mobile application. The authors also described key security considerations and challenges that are currently faced in the cloud.

IV. ANALYSIS ON EXISTING MECHANISMS

From the literature on existing authentication mechanisms [10], a comparative analysis is made to clearly understand the problems in the Mobile Cloud, as explained in Table I.

TABLE I. ANALYSIS OF VARIOUS AUTHENTICATION MECHANISMS

| Author | Proposed Work | Advantages | Drawbacks / Limitations |
|---|---|---|---|
| Francisco et al. | One-, two- and three-factor authentication mechanism | Provides strong security, easy to use | Not suitable for all environments |
| Yogesh Patel et al. | Multilevel authentication | Provides service level security and User Based Access Control | User needs to enter credentials every session |
| Yeh et al. | Visual password authentication scheme | No need to remember any passwords | Larger variability in the voiceprint characteristics, information loss |
| Rassan et al. | Fingerprint authentication mechanism | Improved performance and security | No input is allowed from user to enter the system |
| Vineet Guha et al. | Key generation mechanism | Network key, suits SaaS & PaaS | Inaccurate results |
| Indrajit Das et al. | Authentication mechanism | Lightweight | Not secure |
| Mohammad et al. | Lightweight authentication protocol | Easy and reduces latency | Consumes more time, especially in wireless communications |
| Jin et al. | Mobile device authentication | Supports authorization service, device certification | RADIUS server can't provide security services |
| Davit | Authentication and authorization techniques | Flexible, security, reliable and effective | No privacy |
| Chow et al. | Behavioral authentication | Trust Cube method | Not supported for all devices |
| Gokaj et al. | Mobile signature authentication | Lightweight mechanism | Unable to detect the attacks |
| Deepa et al. | Multifactor authentication using smart phones as software tokens | No external devices and generates unique One Time Passwords (OTP) | User anonymity and availability are not addressed |
| Sanjoli et al. | Rijndael encryption with EAP-CHAP encryption | Provides authentication and authorization | Prone to server port attack |
| Kashif et al. | SSO based authentication | Ability to access multiple services | Prone to man-in-the-middle attack |
| Neha et al. | Data encryption and key exchange mechanism | Secure connection | Time delay due to complexity |

V. ISSUES AND CHALLENGES

From the comprehensive literature review of existing and proposed MCC frameworks explained in the above section, it is evident that there are some major issues and challenges in MCC. Those issues and challenges are highlighted and categorized below. The security-related issues are divided into two broad categories:

A. Mobile Cloud Infrastructure Issues
B. Mobile Cloud Communication Channel Issues

A. Mobile Cloud Infrastructure Issues

From the cloud infrastructure point of view, a variety of attacks are possible on the cloud. Some of these attacks are given below.

• Attacks on Virtual Machines
• Authorization and Authentication
• Attacks from Local Users
• Hybrid Cloud Security Management Issues

B. Mobile Cloud Communication Channel Issues

A lot of improvement needs to be done in the mobile cloud communication channel. The following attacks exist on the communication channel.
• Access Control Attacks
• Attacks on Authentication
• Attacks on Availability
• Data Integrity Attacks

VI. PROPOSED AUTHENTICATION FRAMEWORK

The proposed mechanism has six phases, each of which is involved in the authentication process. Fig 1 shows the methodology of the proposed authentication mechanism.

A. Components of Framework

i. Users
The user uses the mobile device to access the cloud application services through a login process. Users can be classified as Individual Users, Enterprise Users, Administrators, etc.

ii. Mobile Network (MN)
The Mobile Network (MN) plays an important role in the Mobile Cloud by providing the network to the user. It acts as an intermediary between the mobile user and the server. The MN authenticates the user using existing strong mechanisms such as AAA, which resides in the AAA Server / RADIUS Server.

Fig 1. Proposed MobiCloud Authentication Framework

iii. Authentication Server (AS)
The Authentication Server performs the authentication using an efficient algorithm. Its purpose is to validate the user's identity using user credentials such as username, password and other unique entities. When the user submits his/her details, the AS receives the request in encrypted form so that no intermediary can view or understand the data.

iv. Cloud Storage
The database is a structured collection of records, files or data which is used to store the user's details in the computer system.

v. Key Generator (KG)
The Key Generator plays a vital role in the authentication process: it generates the key used for performing authentication and granting access to the appropriate cloud services. Keys can be of two types. One is the symmetric key, where a single key is used for both encryption and decryption; the other is the asymmetric key, which uses two keys, i.e. a Private Key and a Public Key.

vi. Cloud Service Provider (CSP)
The Cloud Service Provider is a third party who provides the cloud services. The CSP shall provide any kind of service on a "Pay-as-you-go" basis. Google, Amazon and IBM are the major Cloud Service Providers. The CSP has a tie-up with the user through a Cloud Resource Policy / Service Level Agreement (SLA).

B. Authentication Phase

Registration is done only once, when the mobile user wants to access mobile cloud services. After registration, the mobile user must be authenticated whenever he/she wants to use mobile cloud services. The mobile user submits his/her login details and unique information to the Cloud Authentication Server (CAS). Those details are encrypted and stored in the cloud database. The cloud server then checks the identity and, if it matches, the user is prompted for the key. At the same time, the key generator generates a key, which is sent to the user and also to the database through the CAS. The user provides the received key to the CAS to access the desired cloud services. The CAS checks the key and provides access if it matches. Access is controlled by the Cloud Controller (CC). Finally, the Cloud Controller provides the Cloud Application Services.

C. Workflow Diagram of Proposed Work

[Figure: flowchart with the steps User Registration, Login, Checks Authorized or Not (No: Re-login / Unauthorized User), Insists for Key Generation, Key with Acknowledgement, Authentication Server, Check for Key Matching (Yes: Access Cloud Services; No: Invalid Key, Deny Access)]

Fig 2. Process Flow Diagram for Authentication

D. Dynamic Key Generation Algorithm

Table II gives the encryption algorithm, which generates a key using a Pseudo Random Number Generator (PRNG). A cryptographically strong PRNG algorithm is used, so that no intruder can predict its output because of its high randomness. Each character is then converted into its ASCII character code, and the log function is applied to the obtained result. Finally, a trigonometric function is applied to the value.
The rounded value acts as the key and is sent to the desired user.

TABLE II. ALGORITHM FOR ENCRYPTION

Step 1: Generate a random string using PRNG. //Generated random string may be A-Z, a-z, 0-9//
Step 2: Convert each character into its equivalent ASCII code.
Step 3: Apply the log function to the result obtained in Step 2.
Step 4: Apply a trigonometric function to the result obtained in Step 3. Round the value to 4 decimal places.
Step 5: Transmit the key (Step 4 result) to the mobile device of the user.

Table III shows the algorithm for decrypting the encrypted key. The decryption process takes place at the user side to avoid insider attacks. After the decryption process, the key is sent to the Authentication Server (AS). If the key matches, the AS grants the user access to the cloud services.

TABLE III. ALGORITHM FOR DECRYPTION

Step 1: The mobile device receives the key sent by the Key Generator.
Step 2: Shift the decimal point by the number of places indicated by the last digit of the encrypted key. //If the key is 441312, the number of places shifted should be 2 from left to right. So, the value obtained is 44.131//
Step 3: Apply the inverse of the sine function to the key. //This helps in the reverse process of getting the original key//
Step 4: Apply the antilog function to the result obtained in Step 3.
Step 5: The result of Step 4 gives the original key in numerical format.
Step 6: The result obtained in Step 5 is then converted from ASCII code to get the original string.
Step 7: This key is sent to the Authentication Server for getting access to cloud applications.

VII. RESULTS AND DISCUSSIONS

The proposed algorithm is simulated in Java NetBeans 8 to show the time taken for generating the key. The code is written for both encryption and decryption, as given in Table II and Table III respectively. It is important to note that the time taken for decryption is comparatively less than the time taken for decrypting the key.
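The paper's Java code is not shown on the page. The Python below is an added example, not the authors' code: it implements one reading of Tables II and III, assuming the steps are applied per character, a base-10 logarithm, the sine function, and a fixed four-place decimal shift in place of the last-digit indicator. All function names are hypothetical.

```python
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # Table II, Step 1: A-Z, a-z, 0-9
SCALE = 10 ** 4                                  # Step 4: four decimal places


def generate_random_string(length=5):
    """Step 1: random string from the OS CSPRNG (length is an assumption)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def encode_char(ch):
    """Table II, Steps 2-4: ASCII code -> log10 -> sine -> 4-place value as an int."""
    return round(math.sin(math.log10(ord(ch))) * SCALE)


def decode_value(value):
    """Table III, Steps 2-6: shift decimal -> inverse sine -> antilog -> character."""
    s = value / SCALE
    # log10 of every alphanumeric code lies between pi/2 and pi, where sine is
    # decreasing, so the inverse on that branch is pi - asin(s), not asin(s).
    return chr(round(10 ** (math.pi - math.asin(s))))


def encrypt(text):
    """Key Generator side. The transform takes no key; only Step 1 is unpredictable."""
    return [encode_char(ch) for ch in text]


def decrypt(values):
    """Mobile device side: recover the original string."""
    return "".join(decode_value(v) for v in values)


def non_invertible(chars):
    """Characters that do not survive encrypt -> decrypt under this reading."""
    return [ch for ch in chars if decrypt(encrypt(ch)) != ch]


def keys_match(submitted, stored):
    """Authentication Server check after Table III, Step 7, in constant time."""
    return hmac.compare_digest(submitted.encode(), stored.encode())


if __name__ == "__main__":
    original = generate_random_string()
    sent = encrypt(original)
    print(original, sent, keys_match(decrypt(sent), original))
```

Under this reading `non_invertible(ALPHABET)` is empty, while a space or `&` does not round-trip after four-place rounding, which is why the example keeps to the Step 1 alphabet.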
The results obtained from the simulation are tabulated in Table IV below.

TABLE IV. TIME TAKEN FOR GENERATING KEY

| S. No. | Random Number | Obtained key | Time Taken (ms) |
|---|---|---|---|
| 1 | 2Y%-a | 999087 | 8 |
| 2 | 8W&o2 | 532466 | 24 |
| 3 | 6(A@n | 380928 | 11 |
| 4 | %0X2!k | 566884 | 39 |
| 5 | +9;sB | 997240 | 17 |

VIII. CONCLUSION

This research work mainly focuses on secured authentication. Using authentication parameters, the user's sensitive data can be protected from internal and external attacks. The proposed framework is used for identifying and protecting the user's data. A key generation mechanism is proposed to identify and authenticate the user's data. Using this mechanism, the encryption and decryption process is done. A cryptographic (symmetric key) technique is used to provide secure communication between the Cloud Service Provider and users. It is more secure and efficient.

REFERENCES

[1] R. Gokaj, M. Ali Aydin, R. Selami Zbey, “Mobile Cloud Authentication and Secure Communication”, In Proc. of International Conference on Information Security and Cryptology, September 2013.
[2] Mohammad Rasoul Momeni, Iman Reza, “A lightweight Authentication scheme for Mobile Cloud Computing”, International Journal of Computer Science and Business Informatics, Vol. 14, No. 2, ISSN: 1694-2108, September 2014, pp. 56-61.
[3] Laleh Boroumand, Muhammad Shiraz, Abdulla Gani, Suleman Khan, Syed Adeel Ali Shah, “A Review on Port knocking Authentication Methods for Mobile cloud computing”, Journal of Centre for mobile cloud computing research (C4MCCR), Vol. 4, Issue 2, October 2013.
[4] Costin Andrei, “Internet Banking Two-factor Authentication using Smart Phones”, Journal of Mobile, Embedded and Distributed Systems, Vol. 4, Issue 1, ISSN: 2067-4074, June 2012.
[5] Bhavana A., Alekhya V., Deepak K., Sreenivas, “Password Authentication system for cloud Environment”, International Journal of Advanced Computer Science and Information Technology (IJACSIT), Vol. 2, Issue 1, ISSN: 2320-0235, January 2013.
[6] Thamba Meshach, K. S. Suresh Babu, “Secured and Efficient Authentication scheme for Mobile cloud”, International Journal of Innovations in Engineering and Technology (IJIET), Vol. 2, Issue 1, ISSN: 2319-1058, February 2013.
[7] Chunhua Chen, Chris J. Mitchell, Shaohua Tang, “Ubiquitous One Time Password (OTP) Service using the Generic Authentication Architecture”, Mobile Network Applications, ISSN.738-747, November 2013.
[8] Mahnoush Babaeizadeh, Majid Bakhitiari and Mohd Aizaini Maarof, “Keystroke Dynamic Authentication in Mobile Cloud Computing”, International Journal of Computer Applications (IJCA), Vol. 90, Issue 1, March 2014, pp. 29-36.
[9] Deepak G., Pradeep B., S. Shreyas Srinath, “Dynamic Key Generation Algorithm for User Authentication at Mobile Cloud Environment”, International Journal of Science and Research (IJSR), Vol. 3, Issue 7, ISSN: 2319-7064, July 2014.
[10] A. Cecil Donald and L. Arockiam, “A Unified Cloud Authenticator for Mobile Cloud Computing Environment”, IJCA Proceedings on International Conference on Advanced Computing and Communication Techniques for High Performance Applications (ICACCTHPA 2014), February 2015, ISSN: 0975-8887, pp. 29-34.