Abstract
Due to the infrastructure provided by the GLOobal MObility NETwork, mobile users are able to access many network services anytime and anywhere, even in a roaming environment. Although, a strong authentication scheme with sufficient security requirements is necessary while accessing such services. Recently, Gope et al. discussed a symmetric key based authentication protocol in this regard. However, we find that their protocol exhibits various shortfalls like privileged insider attack, offline password guessing attack, stolen smart card attack, session key compromised attack, unverified login phase, imperfect forward secrecy, improper mutual authentication, excessive database maintenance cost, synchronization problem and no password changing phase. In this article, we put forward a certificate-less anonymous two-factor authentication protocol based on Elliptic Curve Cryptography (ECC). We use BAN logic for formal verification of the protocol. Moreover, the robustness of the protocol under several security attacks is ensured using AVISPA tool-based automated security validation. The proposed protocol can provide increased security and design properties than many other recently existing schemes.
Similar content being viewed by others
Data Availibility
All data generated or analyzed during this study are included in this article.
Code Availability
All codes used in this work are included in this article.
References
Suzukiz, S., & Nakada, K. (1997). An authentication technique based on distributed security management for the global mobility network. IEEE Journal on Selected Areas in Communications, 15(8), 1608–1617.
Rahman, M. G., & Imai, H. (2002). Security in wireless communication. Wireless Personal Communications, 22(2), 213–228.
Samfat, D., Molva, R., & Asokan, N. (1995). Untraceability in mobile networks. In Proceedings of the 1st annual international conference on mobile computing and networking (pp. 26–36).
Steinbrecher, S., & Kopsell, S. (2003). Modelling unlinkability. In International workshop on privacy enhancing technologies (pp. 32–47).
Boyd, C., & Mathuria, A. (2013). Protocols for authentication and key establishment. Springer Science & Business Media.
Clarke, N. L., & Furnell, S. M. (2005). Authentication of users on mobile telephones—A survey of attitudes and practices. Computers & Security, 24(7), 519–527.
Clarke, N. L., & Furnell, S. M. (2007). Advanced user authentication for mobile devices. Computers & Security, 26(2), 109–119.
Furnell, S., Clarke, N., & Karatzouni, S. (2008). Beyond the pin: Enhancing user authentication for mobile devices. Computer Fraud & Security, 2008(8), 12–17.
Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 50(1), 231–235.
Lee, C. C., Hwang, M. S., & Liao, I. E. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683–1687.
Wu, C. C., Lee, W. B., & Tsaur, W. J. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.
Chang, C. C., Lee, C. Y., & Chiu, Y. C. (2009). Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications, 32(4), 611–618.
Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and computer applications, 33(1), 1–5.
Xu, J., Zhu, W. T., & Feng, D. G. (2011). An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Computer Communications, 34(3), 319–325.
Chen, C., He, D., Chan, S., Bu, J., Gao, Y., & Fan, R. (2011). Lightweight and provably secure user authentication with anonymity for the global mobility network. International Journal of Communication Systems, 24(3), 347–362.
Mun, H., Han, K., Lee, Y. S., Yeun, C. Y., & Choi, H. H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55(1–2), 214–222.
Xie, Q., Bao, M., Dong, N., Hu, B., & Wong, D. S. (2013). Secure mobile user authentication and key agreement protocol with privacy protection in global mobility networks. In International symposium on biometrics and security technologies (ISBAST) (pp. 124–129).
Zhao, D., Peng, H., Li, L., & Yang, Y. (2014). A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 78(1), 247–269.
Xie, Q., Hong, D., Bao, M., Dong, N., & Wong, D. S. (2014). Privacy-preserving mobile roaming authentication with security proof in global mobility networks. International Journal of Distributed Sensor Networks, 10(5), 325734.
Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84(2), 1487–1508.
Reddy, A. G., Das, A. K., Yoon, E. J., & Yoo, K. Y. (2016). A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access, 4, 4394–4407.
Odelu, V., Banerjee, S., Das, A. K., Chattopadhyay, S., Kumari, S., Li, X., & Goswami, A. (2017). A secure anonymity preserving authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 96(2), 2351–2387.
Gope, P., Islam, S. K. H., Obaidat, M. S., Amin, R., Vijayakumar, P. (2018). Anonymous and expeditious mobile user authentication scheme for GLOMONET environments. International Journal of Communication Systems, 31(2), e3461.
Gupta, M., & Chaudhari, N. S. (2018). Anonymous two factor authentication protocol for roaming service in global mobility network with security beyond traditional limit. Ad Hoc Networks, 84, 56–67.
Lu, Y., Xu, G., Li, L., & Yang, Y. (2019). Robust privacy-preserving mutual authenticated key agreement scheme in roaming service for global mobility networks. IEEE Systems Journal, 13(2), 1454–1465.
Nikooghadam, M., Amintoosi, H., & Kumari, S. (2020). A provably secure ECC-based roaming authentication scheme for global mobility networks. Journal of Information Security and Applications, 54, 102588.
Khatoon, S., Chen, T.-Y., & Lee, C.-C. (2022). An improved user authentication and key agreement scheme for roaming service in ubiquitous network. Annals of Telecommunications. https://doi.org/10.1007/s12243-021-00895-3
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptololgy (CRYPTO’99), 1666 (pp. 388–397).
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.
Rogaway, P., & Shrimpton, T. (2004). Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In Proceedings of international workshop on fast software encryption (pp. 371–388).
Koblitz, N. (1987). Elliptic curve cryptosystem. Mathematics of computation, 48(177), 203–209.
Miller, V. S. (1985). Use of elliptic curves in cryptography. In Proceedings of theory and application of cryptographic techniques (pp. 417–426).
Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London: A Mathematical and Physical Sciences, 426(1871), 233–271.
Abadi, M., & Tuttle, M. R. (1991). A semantics for a logic of authentication. In Proceedings of the 10th annual ACM symposium on principles of distributed computing (pp. 201–216).
Team, AVISPA. (2006, June). AVISPA v1.1 user manual. Information Society Technologies Programme. http://www.avispa-project.org
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Heam, P. C., Kouchnarenko, O., Mantovani, J., Modersheim, S., Oheimb, D. V., Rusinowitch, M., Santiago, J., Turuani, M., Vigano, L., Vigneron, L. (2005). The AVISPA tool for the automated validation of internet security protocols and applications. In Proceedings of International conference on computer aided verification (pp. 281–285).
Basin, D., Mödersheim, S., & Vigano, L. (2005). OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181–208.
Turuani, M. (2006). The CL-Atse protocol analyser. In Proceedings of international conference on rewriting techniques and applications (pp. 277–286).
Oheimb, D. V. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM workshop (pp. 1–17).
Funding
Funding information is not applicable/No funding was received for this work.
Author information
Authors and Affiliations
Contributions
All authors have equal contribution in this article.
Corresponding author
Ethics declarations
Conflict of interest
The authors have no conflicts of interest/competing interests to disclose.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Roy, P.K., Bhattacharya, A. Secure and Authentic Anonymous Roaming Service. Wireless Pers Commun 125, 819–839 (2022). https://doi.org/10.1007/s11277-022-09579-0
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-022-09579-0