A practical anonymous authentication protocol for wireless roaming

Recently, Chen et al. proposed a practical authentication protocol for supporting anonymous roaming in wireless access networks, which was then further improved by Hsieh and Leu. In this paper, we present the adversarial model for this type of protocol and show that the Hsieh-Leu scheme is not as secure as originally claimed. In particular, we show that their protocol does not provide user privacy protection, and that it is vulnerable to an off-line password guessing attack mounted by a side-channel adversary who has compromised all the information stored in the user's smart card. To fix these weaknesses, a new practical authentication protocol with anonymity for wireless roaming is proposed. We use the formal verification tool ProVerif, which is based on the applied pi calculus, to prove the security of the proposed scheme. The experimental results confirm that the new scheme not only achieves many desirable properties, such as strong anonymity, perfect forward secrecy and support for session key update, but also provides robustness against all the attacks that the Hsieh-Leu protocol does not resist. Copyright © 2013 John Wiley & Sons, Ltd.
