Robust Anonymous Two-Factor Authentication Scheme for Roaming Service in Global Mobility Network
Two-factor authentication scheme for roaming service in global mobility network enables the mobile user in possession of a password and a smart card to achieve mutual authentication and session key establishment with the foreign agent. In this paper, we first identify six properties of this type of schemes: (1) Anonymity and untraceability; (2) Robustness; (3) Authentication; (4) Session key security and fairness; (5) User friendliness; and (6) Efficiency, then propose a new scheme which satisfies all these requirements. Our result is validated applying the formal verification tool ProVerif based on applied pi calculus.
KeywordsAuthentication Roaming Anonymity Global mobility network
This research was supported by the National Natural Science Foundation of China (No. 61070153), the Major State Basic Research Development (973) Program of China (No. 2013CB834205), and Natural Science Foundation of Zhejiang Province (No. LZ12F02005).
- 5.Youn, T. Y., Park, Y. H., & Li, M. J. (2009). Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Communicaions Letters, 13(7), 1118–1123.Google Scholar
- 6.He, D., Chan, S., Chen, C., & Bu, J. (2011). Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications, 61(2), 465–476.Google Scholar
- 7.Jiang, Q., Ma, J., Li, G., & Yang, L. (2012). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications. doi: 10.1007/s11277-012-0535-4.
- 14.Abadi, M., Blanchet, B., & Lundh, H. C. (2009). Models and proofs of protocol security: A progress report. In 21st International conference on computer aided verification (pp. 35–49), Grenoble, France.Google Scholar
- 15.Abadi, M., & Fournet, C. (2001). Mobile values, new names, and secure communication. In Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on principles of programming languages (pp. 104–115). New York: ACM.Google Scholar
- 17.Abadi, M., & Blanchet, B. (2003). Computer-assisted verification of a protocol for certified email. In Proceedings of the 10th international symposium on static analysis, LNCS (vol. 2694, pp. 316–335). Berlin: Springer.Google Scholar
- 18.Abadi, M., Blanchet, B., & Fournet, C. (2004). Just fast keying in the Pi calculus. In Proceedings of the 13th European symposium on programming, LNCS (vol. 2986, pp. 340–354). Berlin: Springer.Google Scholar
- 19.Bai, G., Meng, G., Lei, J., Venkatraman, S. S., Saxena, P., Sun, J., et al. (2013). AuthScan: Automatic extraction of Web authentication protocols from implementations. In Proceedings of the 20th annual network and distributed system security symposium. http://www.comp.nus.edu.sg/~prateeks/papers/AuthScan.pdf.