In this article, we suggest a secure and cost-effective fuzzy access control protocol in mobile cloud computing. It is especially designed for small and medium enterprises (SMEs) providing business-to-customers services. Our protocol allows the SME to outsource its services to a cloud to reduce the running cost. At the same time, it does not require any communication between the cloud and the SME during user authentication stage. That is, SME can be offline after users have been registered. Users directly deal with the cloud for gaining access. This helps the SME to save a lot of resources, including a large bandwidth connecting with the cloud and a strong firewall system. Meanwhile, the user database never leaves the SME. In addition, our protocol can withstand common attacks such as dictionary attacks for server and phishing attacks for client. Our security protection is especially important for mobile users as mobile devices are easily exposed to such attacks. Furthermore, our protocol provides user traceability to SME and it is very efficient for mobile devices.
- Fuzzy access-control
- Mobile cloud