A User Authentication Scheme with Identity and Location Privacy
The rapid growth of wireless systems provides us with mobility. In mobile environments, authentication of a user and confidentiality of his identity and location are two major security issues, which seem incompatible with each other. In this manuscript, we propose a user authentication scheme with identity and location privacy. This scheme is an interactive protocol based on public key cryptosystems. In the proposed scheme, to prove his authenticity, a user utilizes a digital signature scheme based on a problem with a random self-reducible relation such as the square root modulo a composite number problem and the discrete logarithm problem. We also define the security requirements for user authentication with identity and location privacy, impersonation-freeness and anonymity, against active attacks, and prove that the proposed scheme satisfies them assuming the security of the cryptographic schemes used in the scheme. Furthermore, we show that we can construct authenticated key agreement schemes by applying the proposed scheme to some existing authenticated key agreement schemes.
Unable to display preview. Download preview PDF.
- Cellular Digital Packet Data (CDPD) System Specification, release 1.0 edition, July 1993.Google Scholar
- DTI/EPSRC LINK Personal Communications Programme. Third Generation Mobile Telecommunications Systems Security Studies Technical Report 2: Security Mechanisms for Third Generation Systems, May 1996.Google Scholar
- A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In CRYPTO’86, pages 186–194, 1987. Lecture Notes in Computer Science 263.Google Scholar
- A. Herzberg, H. Krawczyk, and G. Tsudik. On travelling Incognito. In Proceedings of IEEE Workshop on Mobile Computing Systems and Applications, 1994.Google Scholar
- S. Hirose and S. Yoshida. An authenticated Diffie-Hellman key agreement protocol secure against active attacks. In PKC’98, pages 135–148, 1998. Lecture Notes in Computer Science 1431.Google Scholar
- R. Molva, G. Tsudik, E. V. Herreweghen, and S. Zatti. KryptoKnight: Authentication and key distribution system. In Proceedings on 1992 European Symposium on Research in Computer Security, pages 155–174, 1992.Google Scholar
- D. Pointcheval and J. Stern. Security proofs for signature schemes. In EUROCRYPT’96, pages 387–398, 1996. Lecture Notes in Computer Science 1070.Google Scholar
- C. P. Schnorr. Efficient identification and signatures for smart cards. In CRYPTO’89, pages 239–252, 1990. Lecture Notes in Computer Science 435.Google Scholar
- M. Tompa and H. Woll. Random self-reducibility and zero knowledge interactive proofs of possession of information. In 1987 IEEE Symposium on Foundations of Computer Science, pages 472–482, 1987.Google Scholar