Wireless Personal Communications, Volume 96, Issue 2, pp 2351–2387

A Secure Anonymity Preserving Authentication Scheme for Roaming Service in Global Mobility Networks

  • Vanga Odelu
  • Soumya Banerjee
  • Ashok Kumar Das
  • Samiran Chattopadhyay
  • Saru Kumari
  • Xiong Li
  • Adrijit Goswami
Article

Abstract

In real-life applications, ensuring secure transmission of data over public network channels to prevent malicious eavesdropping is an important issue. Several potential security risks arise while protecting data and providing access control over the data. Due to the broadcast nature of wireless channels, wireless networks are often vulnerable to various known attacks. Therefore, designing a secure and efficient authentication scheme in the global mobility network (GLOMONET) environment is a challenging task for researchers. In recent years, several user authentication schemes for roaming services in GLOMONET have been proposed. However, most of them are either vulnerable to various known attacks or inefficient. Most recently, Zhao et al. proposed an anonymous authentication scheme for roaming service in GLOMONET (Zhao et al. in Wireless Personal Communications 78:247–269, 2014) and claimed that their scheme can withstand all possible known attacks. In this paper, Zhao et al.’s scheme is revisited, and it is shown that their scheme fails to provide strong user anonymity when session-specific temporary information is revealed to an adversary. Further, their scheme does not protect against the replay attack, the offline password guessing attack and the privileged-insider attack. In addition, their scheme has no provision for a revocation and re-registration mechanism, and it also contains a design flaw. Moreover, another recently proposed scheme, that of Memon et al. (Memon et al. in Wireless Personal Communications 84:1487–1508, 2015), fails to protect against the privileged-insider attack. Thus, there is a great need to enhance the security of these schemes before they are applied in practical applications. The proposed scheme withstands the security weaknesses found in Zhao et al.’s scheme and Memon et al.’s scheme.
Through rigorous formal and informal security analysis, it is shown that the proposed scheme can tolerate various known attacks. In addition, the proposed scheme is simulated using the most widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, and the simulation results reveal that the proposed scheme is secure. The proposed scheme is also efficient in computation and communication as compared to Zhao et al.’s scheme and other related schemes.

Keywords

Authentication, Key agreement, User anonymity, Roaming service, Global mobility networks, Security, BAN logic, AVISPA

Notes

Acknowledgements

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper. This research is supported by the National Natural Science Foundation of China under Grant No. 61300220, and it is also supported by PAPD and CICAEET.

References

  1. Advanced Encryption Standard, U.S. Department of Commerce, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf. Accessed Nov 2010.
  2. AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed Aug 2015.
  3. AVISPA. AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed Aug 2015.
  4. Bellare, M., Boldyreva, A., & Micali, S. (2000). Public-key encryption in a multi-user setting: Security proofs and improvements. In Advances in cryptology—EUROCRYPT 2000 (pp. 259–274). Springer.
  5. Bellare, M., Canetti, R., & Krawczyk, H. (1998). A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing (STOC) (pp. 419–428). Dallas: ACM.
  6. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.
  7. Canetti, R., & Krawczyk, H. (2001). Analysis of key-exchange protocols and their use for building secure channels. In Advances in cryptology—EUROCRYPT 2001 (pp. 453–474). Innsbruck: Springer.
  8. Chang, C., Lee, C., & Chiu, Y. (2009). Enhanced authentication scheme with anonymity for roaming service in global networks. Computer Communications, 34(4), 611–618.
  9. Das, A. K. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 5(3), 145–151.
  10. Das, A. K. (2013). A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Networking Science, 2(1–2), 12–27.
  11. Das, A. K. (2016). A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Networking and Applications, 9(1), 223–244.
  12. Das, A. K., & Goswami, A. (2013). A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 9948.
  13. Das, A. K., Paul, N. R., & Tripathy, L. (2012). Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences, 209, 80–92.
  14. Das, A. K. (2015). A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wireless Personal Communications, 82(3), 1377–1404.
  15. Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.
  16. Dutta, R., & Barua, R. (2008). Provably secure constant round contributory group key agreement in dynamic setting. IEEE Transactions on Information Theory, 54(5), 2007–2025.
  17. Gope, P., & Hwang, T. (2015). Enhanced secure mutual authentication, and key agreement scheme preserving user anonymity in global mobile networks. Wireless Personal Communications, 82(4), 2231–2245.
  18. Gope, P., & Hwang, T. (2016). Lightweight and energy-efficient mutual authentication and key agreement scheme with user anonymity for secure communication in global mobility networks. IEEE Systems Journal, 10(4), 1370–1379.
  19. He, D., Ma, M., Zhang, Y., Chen, C., & Bu, J. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367–374.
  20. He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.
  21. Jiang, Q., Ma, J., Li, G., & Yang, L. (2013). An enhanced authentication scheme with privacy preservation for roaming services in global mobility networks. Wireless Personal Communications, 68(4), 1477–1491.
  22. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology—CRYPTO’99 (pp. 388–397). California: Springer.
  23. Lee, C., Hwang, M., & Liao, I. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683–1686.
  24. Li, C. T., & Lee, C. (2012). A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling, 55(1–2), 35–44.
  25. Li, X., Niu, J.-W., Ma, J., Wang, W.-D., & Liu, C.-L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34, 73–79.
  26. Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced Privacy and Authentication: An Efficient and Secure Anonymous Communication for Location Based Service Using Asymmetric Cryptography Scheme. Wireless Personal Communications, 84(2), 1487–1508.
  27. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
  28. Mun, H., Han, K., Lee, Y. S., Yeun, C. Y., & Choi, H. H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55, 214–222.
  29. Nickalls, R. W. D. (1993). A new approach to solving the cubic: Cardan’s solution revealed. The Mathematical Gazette, 77(480), 354–359.
  30. Odelu, V., Das, A. K., & Goswami, A. (2014). A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences, 269, 270–285.
  31. Odelu, V., Das, A. K., & Goswami, A. (2015). A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security, 10(9), 1953–1966.
  32. Odelu, V., Das, A. K., & Goswami, A. (2015). DMAMA: Dynamic migration access control mechanism for mobile agents in distributed networks. Wireless Personal Communications, 84(1), 207–230.
  33. Odelu, V., Das, A. K., & Goswami, A. (2015). An effective and robust secure remote user authenticated key agreement scheme using smart cards in wireless communication systems. Wireless Personal Communications. doi: 10.1007/s11277-015-2721-7.
  34. Odelu, V., Das, A. K., & Goswami, A. (2015). A secure and scalable group access control scheme for wireless sensor networks. Wireless Personal Communications. doi: 10.1007/s11277-015-2866-4.
  35. Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 33.
  36. Stallings, W. (2006). Cryptography and network security: Principles and practices (3rd ed.). Pearson Education India.
  37. von Oheimb, D. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM 2005 Workshop.
  38. Wang, D., He, D., Wang, P., & Chu, C. (2015). Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing, 12(4), 428–442.
  39. Wen, F., Susilo, W., & Yang, G. (2013). A secure and effective user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.
  40. Wu, C., Lee, W., & Tsaur, W. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.
  41. Wu, S., & Chen, K. (2012). An efficient key-management scheme for hierarchical access control in e-medicine system. Journal of Medical Systems, 36(4), 2325–2337.
  42. Zhao, D., Peng, H., Li, L., & Yang, Y. (2014). A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 78(1), 247–269.
  43. Zhou, T., & Xu, J. (2011). Provable secure authentication protocol with anonymity for roaming service in global mobility networks. Computer Networks, 55(1), 205–213.
  44. Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 55(1), 230–234.

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. Department of Mathematics, Indian Institute of Technology, Kharagpur, India
  2. Department of Computer Science and Engineering, Indian Institute of Information Technology, Chittoor, Sri City, India
  3. Department of Information Technology, Jadavpur University, Salt Lake City, Kolkata, India
  4. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India
  5. Department of Mathematics, Ch. Charan Singh University, Meerut, India
  6. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, China
  7. Nanjing University of Information Science and Technology, Nanjing, China
