Abstract
Recently, Mun et al. analyzed Wu et al.’s authentication scheme and proposed an enhanced anonymous authentication scheme for roaming service in global mobility networks. However, through careful analysis, we find that Mun et al.’s scheme is vulnerable to impersonation attacks and insider attacks, and cannot provide user friendliness, user’s anonymity, proper mutual authentication and local verification. To remedy these weaknesses, we propose a novel anonymous authentication scheme for roaming service in global mobility networks. Compared with previous related works, our scheme has many advantages. Firstly, the secure authenticity of the scheme is formally validated by an useful formal model called BAN logic. Secondly, the scheme enjoys many important security attributes including prevention of various attacks, user anonymity, no verification table, local password verification and so on. Thirdly, the scheme does not use timestamp, thus it avoids the clock synchronization problem. Further, the scheme contains the authentication and establishment of session key scheme when mobile user is located in his/her home network, therefore it is more practical and universal for global mobility networks. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited mobile devices and thus availability for real implementation.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Suzukiz, S., & Nakada, K. (1997). An authentication technique based on distributed security management for the global mobility network. IEEE Journal Selected Areas in Communications, 15(8), 1608–1617.
He, D., Ma, M., Zhang, Y., Chen, C., & Bu, J. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367–374.
Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 51(1), 230–234.
Lee, C., Hwang, M., & Liao, I. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683–1686.
Chang, C., Lee, C., & Chiu, Y. (2009). Enhanced authentication scheme with anonymity for roaming service in global networks. Computer Communications, 32(4), 611–618.
Wu, C., Lee, W., & Tsaur, W. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.
Li, C., & Lee, C. (2012). A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling, 55(1–2), 35–44.
Mun, H., Han, K., Lee, Y., Yeun, C., & Choi, H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55(1–2), 214–222.
He, D., Chan, S., Chen, C., Bu, J., & Fan, R. (2011). Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications, 61(2), 465–476.
Das, A. (2013). A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Networking Science, 2(1–2), 12–17.
Yoon, E., Yoo, K., & Ha, K. (2011). A user friendly authentication scheme with anonymity for wireless communications. Computers & Electrical Engineering, 37(3), 356–364.
Ou, H., Hwang, M., & Jan, J. (2010). A cocktail protocol with the authentication and key agreement on the UMTS. Journal of Systems and Software, 83(2), 316–325.
Yang, G., Huang, Q., Wong, D., & Deng, X. (2010). Universal authentication protocols for anonymous wireless communications. IEEE Transactions on Wireless Communication, 9(1), 168–174.
Lee, C., Chen, C., Ou, H., & Chen, L. (2013). Extension of an efficient 3GPP authentication and key agreement protocol. Wireless Personal Communications, 68(3), 861–872.
Juang, W., Chen, S., & Liaw, H. (2008). Robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 55(6), 2551–2556.
Yang, G., Wong, D., & Deng, X. (2007). Anonymous and authenticated key exchange for roaming networks. IEEE Transactions on Wireless Communications, 6(9), 1035–1042.
Wen, F., Susilo, W., & Yang, G. (2013). Asecure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.
He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.
Kim, J., & Kwak, J. (2012). Improved secure anonymous authentication scheme for roaming service in global mobility networks. International Journal of Security and Its Applications, 6(3), 45–54.
Chang, C., Le, H., & Chang, C. (2013). Novel untraceable authenticated key agreement protocol suitable for mobile communication. Wireless Personal Communications, 71(1), 425–437.
Jiang, Q., Ma, J., Li, G., & Yang, L. (2013). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications, 68(4), 1477–1491.
Xie, Q., Hu, B., Tan, X., Bao, M., & Yu, X. (2014). Robust anonymous two-factor authentication scheme for roaming service in global mobility network. Wireless Personal Communications, 74(2), 601–614.
Xu, J., & Zhu, W. T. (2013). A generic framework for anonymous authentication in mobile networks. Journal of Computer Science and Technology, 28(4), 732–742.
Kim, J. S., & Kwak, J. (2013). Secure and efficient anonymous authentication scheme in global mobility networks. Journal of Applied Mathematics, Volume 2013, Article ID 302582.
Hankerson, D., Menezes, A., & Vanstone, S. (2004). Guide to elliptic curve cryptography. New York: Springer.
Koblitz, N. (1987). Elliptic curve cryptosystem. Journal of Mathematics of Computation, 48(177), 203–209.
Miller, V. S. (1985). Use of elliptic curves in cryptography. Proceeding on Advances in Cryptology-CRYPTO’ 85 (pp. 417–426). New York: Springer.
Burrows, M., Abadi, M., & Needham, R. (1990). Alogic of authentication. ACM Transaction on Computer System, 8(1), 18–36.
Zhao, D., Peng, H., Wang, C., & Yang, Y. (2012). A secret sharing scheme with a short share realizing the (t, n) threshold and the adversary structure. Computers & Mathematics with Applications, 64(4), 611–615.
Yoo, S., Lee, H., & Kim, J. (2013). A performance and usability aware secure two-factor user authentication scheme for wireless sensor networks. International Journal of Distributed Sensor Networks Volume 2013, Article ID 543950.
Acknowledgments
This paper was supported by the National Natural Science Foundation of China (Grant Nos. 61170269, 61121061), the China Postdoctoral Science Foundation Funded Project (Grant No. 2013M540070), the Beijing Higher Education Young Elite Teacher Project (Grant No. YETP0449), and the Asia Foresight Program under NSFC Grant (Grant No. 61161140320).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhao, D., Peng, H., Li, L. et al. A Secure and Effective Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks. Wireless Pers Commun 78, 247–269 (2014). https://doi.org/10.1007/s11277-014-1750-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-014-1750-y