Skip to main content
SpringerLink
Log in

Secure and Authentic Anonymous Roaming Service

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Due to the infrastructure provided by the GLOobal MObility NETwork, mobile users are able to access many network services anytime and anywhere, even in a roaming environment. Although, a strong authentication scheme with sufficient security requirements is necessary while accessing such services. Recently, Gope et al. discussed a symmetric key based authentication protocol in this regard. However, we find that their protocol exhibits various shortfalls like privileged insider attack, offline password guessing attack, stolen smart card attack, session key compromised attack, unverified login phase, imperfect forward secrecy, improper mutual authentication, excessive database maintenance cost, synchronization problem and no password changing phase. In this article, we put forward a certificate-less anonymous two-factor authentication protocol based on Elliptic Curve Cryptography (ECC). We use BAN logic for formal verification of the protocol. Moreover, the robustness of the protocol under several security attacks is ensured using AVISPA tool-based automated security validation. The proposed protocol can provide increased security and design properties than many other recently existing schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Data Availibility

All data generated or analyzed during this study are included in this article.

Code Availability

All codes used in this work are included in this article.

References

  1. Suzukiz, S., & Nakada, K. (1997). An authentication technique based on distributed security management for the global mobility network. IEEE Journal on Selected Areas in Communications, 15(8), 1608–1617.

    Article  Google Scholar 

  2. Rahman, M. G., & Imai, H. (2002). Security in wireless communication. Wireless Personal Communications, 22(2), 213–228.

    Article  Google Scholar 

  3. Samfat, D., Molva, R., & Asokan, N. (1995). Untraceability in mobile networks. In Proceedings of the 1st annual international conference on mobile computing and networking (pp. 26–36).

  4. Steinbrecher, S., & Kopsell, S. (2003). Modelling unlinkability. In International workshop on privacy enhancing technologies (pp. 32–47).

  5. Boyd, C., & Mathuria, A. (2013). Protocols for authentication and key establishment. Springer Science & Business Media.

  6. Clarke, N. L., & Furnell, S. M. (2005). Authentication of users on mobile telephones—A survey of attitudes and practices. Computers & Security, 24(7), 519–527.

    Article  Google Scholar 

  7. Clarke, N. L., & Furnell, S. M. (2007). Advanced user authentication for mobile devices. Computers & Security, 26(2), 109–119.

  8. Furnell, S., Clarke, N., & Karatzouni, S. (2008). Beyond the pin: Enhancing user authentication for mobile devices. Computer Fraud & Security, 2008(8), 12–17.

    Article  Google Scholar 

  9. Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 50(1), 231–235.

    Article  Google Scholar 

  10. Lee, C. C., Hwang, M. S., & Liao, I. E. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683–1687.

    Article  Google Scholar 

  11. Wu, C. C., Lee, W. B., & Tsaur, W. J. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.

    Article  Google Scholar 

  12. Chang, C. C., Lee, C. Y., & Chiu, Y. C. (2009). Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications, 32(4), 611–618.

    Article  Google Scholar 

  13. Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and computer applications, 33(1), 1–5.

    Article  Google Scholar 

  14. Xu, J., Zhu, W. T., & Feng, D. G. (2011). An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Computer Communications, 34(3), 319–325.

    Article  Google Scholar 

  15. Chen, C., He, D., Chan, S., Bu, J., Gao, Y., & Fan, R. (2011). Lightweight and provably secure user authentication with anonymity for the global mobility network. International Journal of Communication Systems, 24(3), 347–362.

    Article  Google Scholar 

  16. Mun, H., Han, K., Lee, Y. S., Yeun, C. Y., & Choi, H. H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55(1–2), 214–222.

    Article  MathSciNet  Google Scholar 

  17. Xie, Q., Bao, M., Dong, N., Hu, B., & Wong, D. S. (2013). Secure mobile user authentication and key agreement protocol with privacy protection in global mobility networks. In International symposium on biometrics and security technologies (ISBAST) (pp. 124–129).

  18. Zhao, D., Peng, H., Li, L., & Yang, Y. (2014). A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 78(1), 247–269.

    Article  Google Scholar 

  19. Xie, Q., Hong, D., Bao, M., Dong, N., & Wong, D. S. (2014). Privacy-preserving mobile roaming authentication with security proof in global mobility networks. International Journal of Distributed Sensor Networks, 10(5), 325734.

  20. Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84(2), 1487–1508.

    Article  Google Scholar 

  21. Reddy, A. G., Das, A. K., Yoon, E. J., & Yoo, K. Y. (2016). A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access, 4, 4394–4407.

    Article  Google Scholar 

  22. Odelu, V., Banerjee, S., Das, A. K., Chattopadhyay, S., Kumari, S., Li, X., & Goswami, A. (2017). A secure anonymity preserving authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 96(2), 2351–2387.

    Article  Google Scholar 

  23. Gope, P., Islam, S. K. H., Obaidat, M. S., Amin, R., Vijayakumar, P. (2018). Anonymous and expeditious mobile user authentication scheme for GLOMONET environments. International Journal of Communication Systems, 31(2), e3461.

  24. Gupta, M., & Chaudhari, N. S. (2018). Anonymous two factor authentication protocol for roaming service in global mobility network with security beyond traditional limit. Ad Hoc Networks, 84, 56–67.

    Article  Google Scholar 

  25. Lu, Y., Xu, G., Li, L., & Yang, Y. (2019). Robust privacy-preserving mutual authenticated key agreement scheme in roaming service for global mobility networks. IEEE Systems Journal, 13(2), 1454–1465.

    Article  Google Scholar 

  26. Nikooghadam, M., Amintoosi, H., & Kumari, S. (2020). A provably secure ECC-based roaming authentication scheme for global mobility networks. Journal of Information Security and Applications, 54, 102588.

    Article  Google Scholar 

  27. Khatoon, S., Chen, T.-Y., & Lee, C.-C. (2022). An improved user authentication and key agreement scheme for roaming service in ubiquitous network. Annals of Telecommunications. https://doi.org/10.1007/s12243-021-00895-3

    Article  Google Scholar 

  28. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptololgy (CRYPTO’99), 1666 (pp. 388–397).

  29. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  30. Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

    Article  MathSciNet  Google Scholar 

  31. Rogaway, P., & Shrimpton, T. (2004). Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In Proceedings of international workshop on fast software encryption (pp. 371–388).

  32. Koblitz, N. (1987). Elliptic curve cryptosystem. Mathematics of computation, 48(177), 203–209.

    Article  MathSciNet  Google Scholar 

  33. Miller, V. S. (1985). Use of elliptic curves in cryptography. In Proceedings of theory and application of cryptographic techniques (pp. 417–426).

  34. Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London: A Mathematical and Physical Sciences, 426(1871), 233–271.

    MathSciNet  MATH  Google Scholar 

  35. Abadi, M., & Tuttle, M. R. (1991). A semantics for a logic of authentication. In Proceedings of the 10th annual ACM symposium on principles of distributed computing (pp. 201–216).

  36. Team, AVISPA. (2006, June). AVISPA v1.1 user manual. Information Society Technologies Programme. http://www.avispa-project.org

  37. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Heam, P. C., Kouchnarenko, O., Mantovani, J., Modersheim, S., Oheimb, D. V., Rusinowitch, M., Santiago, J., Turuani, M., Vigano, L., Vigneron, L. (2005). The AVISPA tool for the automated validation of internet security protocols and applications. In Proceedings of International conference on computer aided verification (pp. 281–285).

  38. Basin, D., Mödersheim, S., & Vigano, L. (2005). OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181–208.

    Article  Google Scholar 

  39. Turuani, M. (2006). The CL-Atse protocol analyser. In Proceedings of international conference on rewriting techniques and applications (pp. 277–286).

  40. Oheimb, D. V. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM workshop (pp. 1–17).

Download references

Funding

Funding information is not applicable/No funding was received for this work.

Author information

Authors and Affiliations

  1. Indian Institute of Technology (ISM), Dhanbad, 826004, India

    Prasanta Kumar Roy & Ansuman Bhattacharya

Authors
  1. Prasanta Kumar Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ansuman Bhattacharya
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

All authors have equal contribution in this article.

Corresponding author

Correspondence to Prasanta Kumar Roy.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest/competing interests to disclose.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Roy, P.K., Bhattacharya, A. Secure and Authentic Anonymous Roaming Service. Wireless Pers Commun 125, 819–839 (2022). https://doi.org/10.1007/s11277-022-09579-0

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-022-09579-0

Keywords

Search

Navigation