Skip to main content
SpringerLink
Log in

A Secure Anonymity Preserving Authentication Scheme for Roaming Service in Global Mobility Networks

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

In real-life applications, ensuring secure transmission of data over public network channels to prevent malicious eavesdropping of the data is an important issue. Several potential security risks arise while protecting data and providing access control over the data. Due to the broadcast nature of the wireless channels, wireless networks are often vulnerable to various possible known attacks. Therefore, designing a secure and efficient authentication scheme in the global mobility network (GLOMONET) environment becomes a challenging task to the researchers. In recent years, several user authentication schemes for roaming services in GLOMONET have been proposed. However, most of them are either vulnerable to various known attacks or they are inefficient. Most recently, Zhao et al. proposed an anonymous authentication scheme for roaming service in GLOMONET (Zhao et al. in Wireless Personal Communications 78:247–269, 2014) and they claimed that their scheme can withstand all possible known attacks. In this paper, Zhao et al.’s scheme is revisited, and it is shown that their scheme fails to provide strong user anonymity when the session-specific temporary information are revealed to an adversary. Further, their scheme does not protect replay attack, offline password guessing attack and privileged-insider attack. In addition, there is no provision for revocation and re-registration mechanism in their scheme and also there exists design flaw in their schemeu. Moreover, another recently proposed Memon et al.’s scheme (Memon et al. in Wireless Personal Communications 84:1487–1508, 2015) fails to protect the privileged-insider attack. Thus, there is a great need to provide security enhancement of their schemes in order to apply in practical applications. The proposed scheme withstands the security weaknesses found in Zhao et al.’s scheme and Memon et al.’s scheme. Through the rigorous formal and informal security analysis, it is shown that the proposed scheme has the ability to tolerate various known attacks. In addition, the proposed scheme is simulated using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications tool and the simulation results reveal that the proposed scheme is secure. The proposed scheme is also efficient in computation and communication as compared to Zhao et al.’s scheme and other related schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Advanced Encryption Standard, U.S. Department of Commerce, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf. Accessed Nov 2010.

  2. AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed Aug 2015.

  3. AVISPA. AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed Aug 2015.

  4. Bellare, M., Boldyreva, A., & Micali, S. (2000). Public-key encryption in a multi-user setting: Security proofs and improvements. In Advances in cryptology—EUROCRYPT 2000 (pp. 259–274). Springer.

  5. Bellare, M., Canetti, R., & Krawczyk, H. (1998). A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing (STOC) (pp. 419–428). Dallas: ACM.

  6. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.

    Article  MATH  Google Scholar 

  7. Canetti, R., & Krawczyk, H. (2001). Analysis of key-exchange protocols and their use for building secure channels. In Advances in cryptology—EUROCRYPT 2001 (pp. 453–474). Innsbruck: Springer.

  8. Chang, C., Lee, C., & Chiu, Y. (2009). Enhanced authentication scheme with anonymity for roaming service in global networks. Computer Communications, 34(4), 611–618.

    Article  Google Scholar 

  9. Das, A. K. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 5(3), 145–151.

    Article  Google Scholar 

  10. Das, A. K. (2013). A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Networking Science, 2(1–2), 12–27.

    Article  Google Scholar 

  11. Das, A. K. (2016). A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Networking and Applications, 9(1), 223–244.

  12. Das, A. K., & Goswami, A. (2013). A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 9948.

    Article  Google Scholar 

  13. Das, A. K., Paul, N. R., & Tripathy, L. (2012). Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences, 209, 80–92.

    Article  MathSciNet  MATH  Google Scholar 

  14. Das, A. K. (2015). A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wireless Personal Communications, 82(3), 1377–1404.

    Article  Google Scholar 

  15. Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

    Article  MathSciNet  MATH  Google Scholar 

  16. Dutta, R., & Barua, R. (2008). Provably secure constant round contributory group key agreement in dynamic setting. IEEE Transactions on Information Theory, 54(5), 2007–2025.

    Article  MathSciNet  MATH  Google Scholar 

  17. Gope, P., & Hwang, T. (2015). Enhanced secure mutual authentication, and key agreement scheme preserving user anonymity in global mobile networks. Wireless Personal Communications, 82(4), 2231–2245.

    Article  Google Scholar 

  18. Gope, P., & Hwang, T. (2016). Lightweight and energy-efficient mutual authentication and key agreement scheme with user anonymity for secure communication in global mobility networks. IEEE Systems Journal, 10(4), 1370–1379.

    Article  Google Scholar 

  19. He, D., Ma, M., Zhang, Y., Chen, C., & Bu, J. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367–374.

    Article  Google Scholar 

  20. He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.

    Article  Google Scholar 

  21. Jiang, Q., Ma, J., Li, G., & Yang, L. (2013). An enhanced authentication scheme with privacy preservation for roaming services in global mobility networks. Wireless Personal Communications, 68(4), 1477–1491.

    Article  Google Scholar 

  22. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology—CRYPTO’99 (pp. 388–397). California: Springer.

  23. Lee, C., Hwang, M., & Liao, I. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683–1686.

    Article  Google Scholar 

  24. Li, C. T., & Lee, C. (2012). A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling, 55(1–2), 35–44.

    Article  MathSciNet  MATH  Google Scholar 

  25. Li, X., Niu, J.-W., Ma, J., Wang, W.-D., & Liu, C.-L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34, 73–79.

    Article  Google Scholar 

  26. Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced Privacy and Authentication: An Efficient and Secure Anonymous Communication for Location Based Service Using Asymmetric Cryptography Scheme. Wireless Personal Communications, 84(2), 1487–1508.

    Article  Google Scholar 

  27. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  28. Mun, H., Han, K., Lee, Y. S., Yeun, C. Y., & Choi, H. H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55, 214–222.

    Article  MathSciNet  MATH  Google Scholar 

  29. Nickalls, R. W. D. (1993). A new approach to solving the cubic: Cardan’s solution revealed. The Mathematical Gazette, 77(480), 354–359.

    Article  Google Scholar 

  30. Odelu, V., Das, A. K., & Goswami, A. (2014). A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences, 269, 270–285.

    Article  MathSciNet  MATH  Google Scholar 

  31. Odelu, V., Das, A. K., & Goswami, A. (2015). A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security, 10(9), 1953–1966.

    Article  Google Scholar 

  32. Odelu, V., Das, A. K., & Goswami, A. (2015). DMAMA: Dynamic migration access control mechanism for mobile agents in distributed networks. Wireless Personal Communications, 84(1), 207–230.

    Article  Google Scholar 

  33. Odelu, V., Das, A. K., & Goswami, A. (2015). An effective and robust secure remote user authenticated key agreement scheme using smart cards in wireless communication systems. Wireless Personal Communications,. doi:10.1007/s11277-015-2721-7.

    Google Scholar 

  34. Odelu, V., Das, A. K., & Goswami, A. (2015). A secure and scalable group access control scheme for wireless sensor networks. Wireless Personal Communications,. doi:10.1007/s11277-015-2866-4.

    Google Scholar 

  35. Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 33.

    Article  Google Scholar 

  36. Stallings, W. (2006). Cryptography and network security: Principles and practices (3rd ed.). Pearson Education India.

  37. von Oheimb, D. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM 2005 Workshop.

  38. Wang, D., He, D., Wang, P., & Chu, C. (2015). Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing, 12(4), 428–442.

    Article  Google Scholar 

  39. Wen, F., Susilo, W., & Yang, G. (2013). A secure and effective user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.

    Article  Google Scholar 

  40. Wu, C., Lee, W., & Tsaur, W. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.

    Article  Google Scholar 

  41. Wu, S., & Chen, K. (2012). An efficient key-management scheme for hierarchical access control in e-medicine system. Journal of Medical Systems, 36(4), 2325–2337.

    Article  Google Scholar 

  42. Zhao, D., Peng, H., Li, L., & Yang, Y. (2014). A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 78(1), 247–269.

    Article  Google Scholar 

  43. Zhou, T., & Xu, J. (2011). Provable secure authentication protocol with anonymity for roaming service in global mobility networks. Computer Networks, 55(1), 205–213.

    Article  MathSciNet  MATH  Google Scholar 

  44. Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 55(1), 230–234.

    Google Scholar 

Download references

Acknowledgements

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper. This research is supported by the National Natural Science Foundation of China under Grant No. 61300220, and it is also supported by PAPD and CICAEET.

Author information

Authors and Affiliations

  1. Department of Mathematics, Indian Institute of Technology, Kharagpur, 721 302, India

    Vanga Odelu & Adrijit Goswami

  2. Department of Computer Science and Engineering, Indian Institute of Information Technology, Chittoor, Sri City, Andhra Pradesh, 517 588, India

    Vanga Odelu

  3. Department of Information Technology, Jadavpur University, Salt Lake City, Kolkata, 700 098, India

    Soumya Banerjee & Samiran Chattopadhyay

  4. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India

    Ashok Kumar Das

  5. Department of Mathematics, Ch. Charan Singh University, Meerut, Uttar Pradesh, India

    Saru Kumari

  6. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, 411 201, China

    Xiong Li

  7. Nanjing University of Information Science and Technology, Nanjing, 210044, China

    Xiong Li

Authors
  1. Vanga Odelu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Soumya Banerjee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ashok Kumar Das
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Samiran Chattopadhyay
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Xiong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Adrijit Goswami
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vanga Odelu.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Odelu, V., Banerjee, S., Das, A.K. et al. A Secure Anonymity Preserving Authentication Scheme for Roaming Service in Global Mobility Networks. Wireless Pers Commun 96, 2351–2387 (2017). https://doi.org/10.1007/s11277-017-4302-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-017-4302-4

Keywords

Search

Navigation