A Secure Anonymous Authentication Scheme for Wireless Communications Using Smart Cards

Wireless communications have become one of the most key parts in our everyday life, which give us facility on work and life but they still bring a great security risk. A crucial problem with wireless communications is to ensure the security of communication and prevent the privacy of communication entities revealing. Authentication is becoming an important issue when a mobile user (MU) wants to access services provided by the home agent (HA) in a visited foreign agent (FA). Recently, Kuo et al. proposed an authentication scheme and claimed that the proposed scheme was secure against different kinds of attacks. In this paper, we show that Kuo et al.'s scheme fails to resist insider and verifier attacks while it does not provide local verification. In addition, password change phase of Kuo et al.'s scheme also has a loophole. To remedy these shortcomings, an improved anonymous authentication scheme for wireless communications is proposed which is immune to various known types of attacks. Finally, in comparison with other existing schemes regarding security properties and performance, we show that our scheme has various kinds of security properties and is suitable for practical applications in wireless networks.

[1]  Cheng-Chi Lee,et al.  Towards secure and efficient user authentication scheme using smart card for multi-server environments , 2013, The Journal of Supercomputing.

[2]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[3]  Zhong Chen,et al.  Further Improvement of An Authentication Scheme with User Anonymity for Wireless Communications , 2012, Int. J. Netw. Secur..

[4]  Duncan S. Wong,et al.  One-Pass Key Establishment Protocol for Wireless Roaming with User Anonymity , 2014, Int. J. Netw. Secur..

[5]  Chan Yeob Yeun,et al.  Advanced Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2016, Wireless Personal Communications.

[6]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[7]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[8]  Wen-Chung Kuo,et al.  An efficient and secure anonymous mobility network authentication scheme , 2014, J. Inf. Secur. Appl..

[9]  Hui-Feng Huang,et al.  Enhancement of Timestamp-based User Authentication Scheme with Smart Card , 2014, Int. J. Netw. Secur..

[10]  Chin-Chen Chang,et al.  Enhanced authentication scheme with anonymity for roaming service in global mobility networks , 2009, Comput. Commun..

[11]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[12]  Cheng-Chi Lee,et al.  Improving Security of A Communication-efficient Three-party Password Authentication Key Exchange Protocol , 2015, Int. J. Netw. Secur..

[13]  Cheng-Chi Lee,et al.  A novel user authentication and privacy preserving scheme with smart cards for wireless communications , 2012, Math. Comput. Model..

[14]  Min-Shiang Hwang,et al.  Cryptanalysis of Tan's Improvement on a Password Authentication Scheme for Multi-server Environments , 2014, Int. J. Netw. Secur..

[15]  Dong Hoon Lee,et al.  Efficient Privacy-Preserving Authentication in Wireless Mobile Networks , 2014, IEEE Transactions on Mobile Computing.

[16]  Xinmiao Zhang,et al.  Wireless Security and Cryptography: Specifications and Implementations , 2007 .

[17]  Jun-Sub Kim,et al.  Improved Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2012 .

[18]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[19]  Jianfeng Ma,et al.  A new authentication scheme with anonymity for wireless environments , 2004, IEEE Trans. Consumer Electron..

[20]  Cheng-Chi Lee,et al.  Guessing Attacks on Strong-Password Authentication Protocol , 2013, Int. J. Netw. Secur..

[21]  Rajeswari Mukesh,et al.  A Biometric Approach for Continuous User Authentication by Fusing Hard and Soft Traits , 2014, Int. J. Netw. Secur..