Springer Nature is making Coronavirus research free. View research | View latest news | Sign up for updates

A secure biometric-based authentication protocol for global mobility networks in smart cities

  • 21 Accesses


Smart city is an important concept in urban development. The use of information and communication technology to promote quality of life and the management of natural resources is one of the main goals in smart cities. On the other hand, at any time, thousands of mobile users send a variety of information on the network, and this is the main challenge in smart cities. To overcome this challenge and collect data from roaming users, the global mobility network (GLOMONET) is a good approach for information transfer. Consequently, designing a secure protocol for GLOMONET is essential. The main intention of this paper is to provide a secure protocol for GLOMONET in smart cities. To do this, we design a protocol that is based on Li et al.’s protocol, which is not safe against our proposed attacks. Our protocol inherits all the benefits of the previous one; it is entirely secure and does not impose any more communication overhead. We formally analyze the protocol using BAN logic and compare it to similar ones in terms of performance and security, which shows the efficiency of our protocol. Our proposed protocol enables mobile users and foreign agents to share a secret key in 6.1 ms with 428 bytes communication overhead, which improves the time complexity of the previous protocol to 53%.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7


  1. 1.

    Aghili SF, Mala H, Shojafar M, Peris-Lopez P (2019) Laco: lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IoT. Future Gener Comput Syst 96:410–424

  2. 2.

    Amin R, Islam SH, Biswas G, Khan MK, Leng L, Kumar N (2016) Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput Netw 101:42–62

  3. 3.

    Chatterjee S, Roy S, Das AK, Chattopadhyay S, Kumar N, Vasilakos AV (2016) Secure biometric-based authentication scheme using chebyshev chaotic map for multi-server environment. IEEE Trans Dependable Secure Comput 15(5):824–839

  4. 4.

    Chen Y, Martínez JF, Castillejo P, López L (2018) A lightweight anonymous client-server authentication scheme for the internet of things scenario: Lauth. Sensors 18(11):3695

  5. 5.

    Cynthia J, Parveen Sultana H, Saroja MN, Senthil J (2019) Security protocols for IoT. In: Jeyanthi N, Abraham A, Mcheick H (eds) Ubiquitous computing and computing security of IoT. Studies in big data. vol 47. Springer, Cham.

  6. 6.

    Dameri RP (2013) Searching for smart city definition: a comprehensive proposal. Int J Comput Technol 11(5):2544–2551

  7. 7.

    Dameri RP (2017) Smart city definition, goals and performance. In: Smart city implementation. Progress in IS. Springer, Cham.

  8. 8.

    Das AK, Wazid M, Kumar N, Vasilakos AV, Rodrigues JJ (2018) Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment. IEEE Internet Things J 5(6):4900–4913

  9. 9.

    Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: International Conference on the Theory and Applications of Cryptographic Techniques. Springer, pp 523–540

  10. 10.

    Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

  11. 11.

    Dua A, Kumar N, Das AK, Susilo W (2017) Secure message communication protocol among vehicles in smart city. IEEE Trans Veh Technol 67(5):4359–4373

  12. 12.

    Farash MS, Turkanović M, Kumari S, Hölbl M (2016) An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Netw 36:152–176

  13. 13.

    Gope P, Das AK (2017) Robust anonymous mutual authentication scheme for n-times ubiquitous mobile cloud computing services. IEEE Internet Things J 4(5):1764–1772

  14. 14.

    Gope P, Hwang T (2016) An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. J Netw Comput Appl 62:1–8

  15. 15.

    Gunasinghe H, Bertino E (2017) Privbiomtauth: privacy preserving biometrics-based and user centric protocol for user authentication from mobile phones. IEEE Trans Inf Forensics Secur 13(4):1042–1057

  16. 16.

    He D, Kumar N, Chilamkurti N (2015) A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci 321:263–277

  17. 17.

    He D, Ma M, Zhang Y, Chen C, Bu J (2011) A strong user authentication scheme with smart cards for wireless communications. Comput Commun 34(3):367–374

  18. 18.

    Jannati H, Bahrak B (2017) An improved authentication protocol for distributed mobile cloud computing services. Int J Crit Infrastruct Prot 19:59–67

  19. 19.

    Jiang Q, Ma J, Wei F, Tian Y, Shen J, Yang Y (2016) An untraceable temporal-credential-based two-factor authentication scheme using ecc for wireless sensor networks. J Netw Comput Appl 76:37–48

  20. 20.

    Jung J, Kim J, Choi Y, Won D (2016) An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks. Sensors 16(8):1299

  21. 21.

    Kim Th, Ramos C, Mohammed S (2017) Smart city and IoT. Future Gener Comput Syst 76:159–162

  22. 22.

    Li X, Niu J, Kumari S, Wu F, Choo KKR (2018) A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Future Gener Comput Syst 83:607–618

  23. 23.

    Li X, Niu J, Kumari S, Wu F, Sangaiah AK, Choo KKR (2018) A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J Netw Comput Appl 103:194–204

  24. 24.

    Li X, Peng J, Niu J, Wu F, Liao J, Choo KKR (2017) A robust and energy efficient authentication protocol for industrial internet of things. IEEE Internet Things J 5(3):1606–1615

  25. 25.

    Li X, Wu F, Kumari S, Xu L, Sangaiah AK, Choo KKR (2019) A provably secure and anonymous message authentication scheme for smart grids. J Parallel Distrib Comput 132:242–249.

  26. 26.

    Menezes A (2009) An introduction to pairing-based cryptography. Recent Trends Cryptogr 477:47–65

  27. 27.

    Neshenko N, Bou-Harb E, Crichigno J, Kaddoum G, Ghani N (2019) Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations. IEEE Commun Surve Tutor 21(3):2702–2733.

  28. 28.

    Park K, Park Y, Park Y, Das AK (2018) 2pakep: Provably secure and efficient two-party authenticated key exchange protocol for mobile environment. IEEE Access 6:30225–30241

  29. 29.

    Roy S, Chatterjee S, Das AK, Chattopadhyay S, Kumari S, Jo M (2017) Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing internet of things. IEEE Internet Things J 5(4):2884–2895

  30. 30.

    Saeed MES, Liu QY, Tian G, Gao B, Li F (2018) Remote authentication schemes for wireless body area networks based on the internet of things. IEEE Internet Things J 5(6):4926–4944

  31. 31.

    Shen J, Zhou T, Wei F, Sun X, Xiang Y (2017) Privacy-preserving and lightweight key agreement protocol for v2g in the social internet of things. IEEE Internet Things J 5(4):2526–2536

  32. 32.

    Song T, Li R, Mei B, Yu J, Xing X, Cheng X (2017) A privacy preserving communication protocol for iot applications in smart homes. IEEE Internet Things J 4(6):1844–1852

  33. 33.

    Tsai JL, Lo NW (2015) A privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst J 9(3):805–815

  34. 34.

    Washington LC (2008) Elliptic curves: number theory and cryptography. Chapman and Hall/CRC, New York

  35. 35.

    Wazid M, Das AK, Odelu V, Kumar N, Conti M, Jo M (2017) Design of secure user authenticated key management protocol for generic IoT networks. IEEE Internet Things J 5(1):269–282

  36. 36.

    Wu CC, Lee WB, Tsaur WJ (2008) A secure authentication scheme with anonymity for wireless communications. IEEE Commun Lett 12(10):722–723

  37. 37.

    Wu F, Xu L, Kumari S, Li X, Das AK, Khan MK, Karuppiah M, Baliyan R (2016) A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks. Secur Commun Netw 9(16):3527–3542

  38. 38.

    Xie Q, Wong DS, Wang G, Tan X, Chen K, Fang L (2017) Provably secure dynamic ID-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12(6):1382–1392

  39. 39.

    Xu G, Liu J, Lu Y, Zeng X, Zhang Y, Li X (2018) A novel efficient MAKA protocol with desynchronization for anonymous roaming service in global mobility networks. J Netw Comput Appl 107:83–92

Download references

Author information

Correspondence to Mohammad Shojafar.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Ghahramani, M., Javidan, R. & Shojafar, M. A secure biometric-based authentication protocol for global mobility networks in smart cities. J Supercomput (2020).

Download citation


  • Smart city
  • Secure protocol
  • Mobility network
  • Formal and informal security analysis
  • Impersonation attack