Mobile cloud computing blend mobile and cloud computing together with the help of wireless communication technology to achieve benefits for the stakeholders. These stakeholders include mobile users, mobile service operators and cloud service providers. Assorted challenges are also there for the implementation of mobile cloud computing but security and privacy are the dominant concerns. In order to achieve security and privacy of the said system several attempts are taken up. As the underlying system is complex and more prone against security threats, therefore strong authentication and privacy preserving schemes are desired. Three factor biometrics based authentication schemes are considered more secure for such huge and complex systems. Moreover, computational intelligence is getting popular nowadays for designing more vigorous and reliable biometrics based authentication schemes. Very recently, Tsai and Lo proposed an identity based authentication scheme for distributed mobile cloud computing environments. They claimed to achieve single sign on authentication for multiple service providers. Furthermore, they emphasized the usefulness and security of their scheme. However, the analysis in this paper shows that Tsai and Lo’s scheme is insecure against server forgery attack. It is proved that any adversaries having knowledge of just public parameters can forge as a valid service provider. Then an improved scheme is proposed to mitigate the security weakness. The security of proposed scheme is instantiated under random oracle model as well as the protocol validation model of popular automated tool ProVerif.
