An improved authentication protocol for distributed mobile cloud computing services

Tsai and Lo have recently proposed an efficient authentication protocol based on a bilinear pairing cryptosystem for use in distributed mobile cloud computing services. They claim that the protocol provides mutual authentication and privacy to users, and also generates and exchanges session keys for each pair of communicating parties. This paper analyzes the security of the authentication protocol and demonstrates that the protocol is vulnerable to impersonation attacks and does not provide user anonymity and untraceability to users. The improved protocol presented in this paper prevents impersonation attacks and provides user anonymity and untraceability with only slight performance degradation.