Design and Validation of an Efficient Authentication Scheme with Anonymity for Roaming Service in Global Mobility Networks

Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.

[1]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[2]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[3]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[4]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[5]  Jianfeng Ma,et al.  A new authentication scheme with anonymity for wireless environments , 2004, IEEE Trans. Consumer Electron..

[6]  Daojing He,et al.  Design and Verification of Enhanced Secure Localization Scheme in Wireless Sensor Networks , 2009, IEEE Transactions on Parallel and Distributed Systems.

[7]  Zhenfu Cao,et al.  On the anonymity of some authentication schemes for wireless communications , 2009, IEEE Commun. Lett..

[8]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[9]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[10]  Wei-Bin Lee,et al.  A Secure Authentication Scheme with Anonymity for Wireless Communications , 2008, IEEE Commun. Lett..

[11]  Jongin Lim,et al.  Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks , 2009, IEEE Communications Letters.

[12]  Quynh H. Dang,et al.  Secure Hash Standard | NIST , 2015 .

[13]  Chin-Chen Chang,et al.  Enhanced authentication scheme with anonymity for roaming service in global mobility networks , 2009, Comput. Commun..

[14]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[15]  Dong Hoon Lee,et al.  Security flaw of authentication scheme with anonymity for wireless communications , 2009, IEEE Communications Letters.

[16]  Daojing He,et al.  Secure and Efficient Localization Scheme in Ultra-Wideband Sensor Networks , 2009, Wirel. Pers. Commun..

[17]  Xuemin Shen,et al.  Mutual Authentication and Key Exchange Protocols for Roaming Services in Wireless Mobile Networks , 2006, IEEE Transactions on Wireless Communications.

[18]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).