Lightweight authentication with key-agreement protocol for mobile network environment using smart cards

In 2012, Mun et al. proposed an enhanced secure authentication with key-agreement protocol for roaming service in global mobility networks environment based on elliptic curve cryptography. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful analysis of this study proves that Mun et al. 's protocol is susceptible to several attacks such as replay attack, man-in-middle attack, user impersonation attack, privileged insider attack, denial-of-service attack, no login phase and imperfect mutual authentication phase. In addition, this study proposes an enhanced lightweight authentication with key-agreement protocol for mobile networks based on elliptic curve cryptography using smart cards. The proposed protocol is lightweight and perfectly suitable for real-time applications as it accomplishes simple one-way hash function, message authentication code and exclusive-OR operation. Furthermore, it achieves all the eminent security properties and is resistant to various possible attacks. The security analysis and comparison section demonstrates that the proposed protocol is robust compared with Mun et al. 's protocol.

[1]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[2]  Hu Jin,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012 .

[3]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[4]  Debiao He,et al.  Anonymous two-factor authentication for consumer roaming service in global mobility networks , 2013, IEEE Transactions on Consumer Electronics.

[5]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[6]  Jenq-Shiou Leu,et al.  Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards , 2014, IET Inf. Secur..

[7]  Wei-Bin Lee,et al.  A Secure Authentication Scheme with Anonymity for Wireless Communications , 2008, IEEE Commun. Lett..

[8]  Dawei Zhao,et al.  A Secure and Effective Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2013, Wireless Personal Communications.

[9]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[10]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[11]  Cheng-Chi Lee,et al.  A two-factor authentication scheme with anonymity for multi-server environments , 2015, Secur. Commun. Networks.

[12]  Chun-I Fan,et al.  Provably Secure Remote Truly Three-Factor Authentication Scheme With Privacy Protection on Biometrics , 2009, IEEE Transactions on Information Forensics and Security.

[13]  Imran Memon,et al.  Enhanced Privacy and Authentication: An Efficient and Secure Anonymous Communication for Location Based Service Using Asymmetric Cryptography Scheme , 2015, Wirel. Pers. Commun..

[14]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[15]  Yuqing Zhang,et al.  A privacy preserving authentication scheme for roaming services in global mobility networks , 2015, Secur. Commun. Networks.

[16]  Chin-Chen Chang,et al.  Enhanced authentication scheme with anonymity for roaming service in global mobility networks , 2009, Comput. Commun..

[17]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[18]  Chun-Ta Li,et al.  A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card , 2013, IET Inf. Secur..

[19]  Jing Xu,et al.  Provable secure authentication protocol with anonymity for roaming service in global mobility networks , 2011, Comput. Networks.

[20]  Zhihua Cai,et al.  Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications , 2014, IET Commun..

[21]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[22]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[23]  Chan Yeob Yeun,et al.  Advanced Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2016, Wireless Personal Communications.

[24]  Eun-Jun Yoon,et al.  A user friendly authentication scheme with anonymity for wireless communications , 2011, Comput. Electr. Eng..

[25]  Jianfeng Ma,et al.  A new authentication scheme with anonymity for wireless environments , 2004, IEEE Trans. Consumer Electron..

[26]  Somayeh Salimi,et al.  Anonymous roaming in universal mobile telecommunication system mobile networks , 2010, IET Inf. Secur..