Efficient Anonymous Roaming and Its Security Analysis

  • Guomin Yang
  • Duncan S. Wong
  • Xiaotie Deng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3531)


The Canetti-Krawczyk (CK) model uses resuable modular components to construct indistinguishability-based key exchange protocols. The reusability of modular protocol components makes it easier to construct and prove new protocols when compared with other provably secure approaches. In this paper, we build an efficient anonymous and authenticated key exchange protocol for roaming by using the modular approach under the CK-model. Our protocol requires only four message flows and uses only standard cryptographic primitives. We also propose a one-pass counter based MT-authenticator and show its security under the assumption that there exists a MAC which is secure against chosen message attack.


Authenticated Key Exchange Anonymous Roaming 


  1. 1.
    Ateniese, G., Herzberg, A., Krawczyk, H., Tsudik, G.: On traveling incognito. In: Proc. of the IEEE Workshop on Mobile Systems and Applications (December 1994)Google Scholar
  2. 2.
    Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols. In: Proc. 30th ACM Symp. on Theory of Computing, May 1998, pp. 419–428. ACM, New York (1998)Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001), CrossRefGoogle Scholar
  6. 6.
    Go, J., Kim, K.: Wireless authentication protocol preserving user anonymity. In: Proc. of the 2001 Symposium on Cryptography and Information Security (SCIS 2001), pp. 159–164 (January 2001)Google Scholar
  7. 7.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attack. SIAM J. Computing 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  9. 9.
    Samfat, D., Molva, R., Asokan, N.: Untraceability in mobile networks. In: Proc. of MobiCom 1995, pp. 26–36 (1995)Google Scholar
  10. 10.
    Tin, Y., Boyd, C., Gonzalez-Nieto, J.: Provably secure key exchange: An engineering approach. In: Australasian Information Security Workshop, AISW 2003 (2003)Google Scholar
  11. 11.
    Wong, D.: Security analysis of two anonymous authentication protocols for distributed wireless networks. In: Proc. of the 3rd IEEE Intl. Conf. on Pervasive Computing and Communications Workshops (PerCom 2005 Workshops), March 2005, pp. 284–288. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  12. 12.
    Yang, G., Wong, D.S., Deng, X.: Deposit-case attack against secure roaming. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 417–428. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Guomin Yang
    • 1
  • Duncan S. Wong
    • 1
  • Xiaotie Deng
    • 1
  1. 1.Department of Computer ScienceCity University of Hong KongHong KongChina

Personalised recommendations