Robust Privacy-Preserving Mutual Authenticated Key Agreement Scheme in Roaming Service for Global Mobility Networks

Security and privacy are desired core issues to secure communication for the roaming service in global mobility network (GLOMONET). Authentication mechanism is an essential technology to establish a shared secret key between two or more participants who wish to encrypt sensitive data. How to design an ideal authenticated key agreement (AKA) that satisfies different security requirements is a very challenging task due to a handshake between participants is performed over an open channel. Multiple papers on AKA are currently available. We review a recently GLOMONET-oriented AKA released by Gope–Hwang. We point out that their scheme has various security problems. Specifically, their AKA is vulnerable to known session-specific temporary information attack. More seriously, the password renewal phase of their scheme is wrong, thus leading to the mobile user login failed and even the server rejects service. So the paper attempts to eliminate three security loopholes troubled in Gope–Hwang's scheme. Our objective is to propose an elliptic curve cryptography (ECC) based AKA to achieve secure implementation in GLOMONET. By performing informal and formal analyses, we demonstrate that our scheme overcomes some disadvantages in Gope–Hwang's scheme while possessing more excellent security attributes.

[1]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.

[2]  Xiaotie Deng,et al.  Anonymous and Authenticated Key Exchange for Roaming Networks , 2007, IEEE Transactions on Wireless Communications.

[3]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[4]  Prosanta Gope,et al.  Lightweight and Energy-Efficient Mutual Authentication and Key Agreement Scheme With User Anonymity for Secure Communication in Global Mobility Networks , 2016, IEEE Systems Journal.

[5]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[6]  Jianfeng Ma,et al.  A new authentication scheme with anonymity for wireless environments , 2004, IEEE Trans. Consumer Electron..

[7]  Luminita Vasiu,et al.  On The Indistinguishability-Based Security Model of Key Agreement Protocols-Simple Cases , 2005, IACR Cryptol. ePrint Arch..

[8]  Jun-Sub Kim,et al.  Improved Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2012 .

[9]  Jianfeng Ma,et al.  An Enhanced Authentication Scheme with Privacy Preservation for Roaming Service in Global Mobility Networks , 2012, Wireless Personal Communications.

[10]  Chunhua Su,et al.  Universally Composable RFID Mutual Authentication , 2017, IEEE Transactions on Dependable and Secure Computing.

[11]  Ping Wang,et al.  Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound , 2018, IEEE Transactions on Dependable and Secure Computing.

[12]  Alfred Menezes,et al.  An Efficient Protocol for Authenticated Key Agreement , 2003, Des. Codes Cryptogr..

[13]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[14]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[15]  Jia-Lun Tsai,et al.  Secure Handover Authentication Protocol Based on Bilinear Pairings , 2013, Wirel. Pers. Commun..

[16]  Chun Chen,et al.  Security and efficiency in roaming services for wireless networks: challenges, approaches, and prospects , 2013, IEEE Communications Magazine.

[17]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[18]  Jongin Lim,et al.  Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks , 2009, IEEE Communications Letters.

[19]  Noureddine Zahid,et al.  An Efficient Authentication Protocol for 5G Heterogeneous Networks , 2017, UNet.

[20]  Shaiful Jahari Hashim,et al.  An efficient authentication and key agreement protocol for 4G (LTE) networks , 2014, 2014 IEEE REGION 10 SYMPOSIUM.

[21]  J. David Irwin,et al.  Localized authentication for wireless LAN inter-networking roaming , 2004, 2004 IEEE Wireless Communications and Networking Conference (IEEE Cat. No.04TH8733).

[22]  Tony Q. S. Quek,et al.  GRAAD: Group Anonymous and Accountable D2D Communication in Mobile Networks , 2017, IEEE Transactions on Information Forensics and Security.

[23]  Jin Cao,et al.  EGHR: Efficient group-based handover authentication protocols for mMTC in 5G wireless networks , 2018, J. Netw. Comput. Appl..

[24]  Jing Xu,et al.  Provable secure authentication protocol with anonymity for roaming service in global mobility networks , 2011, Comput. Networks.

[25]  Chan Yeob Yeun,et al.  Advanced Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2016, Wireless Personal Communications.

[26]  Xiong Li,et al.  A robust biometrics based three-factor authentication scheme for Global Mobility Networks in smart city , 2017, Future Gener. Comput. Syst..

[27]  Tae Hyun Kim,et al.  Side channel analysis attacks using AM demodulation on commercial smart cards with SEED , 2012, J. Syst. Softw..

[28]  Dong Hoon Lee,et al.  Efficient Privacy-Preserving Authentication in Wireless Mobile Networks , 2014, IEEE Transactions on Mobile Computing.

[29]  Xuemin Shen,et al.  Mutual Authentication and Key Exchange Protocols for Roaming Services in Wireless Mobile Networks , 2006, IEEE Transactions on Wireless Communications.

[30]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[31]  David Evans,et al.  Reverse-Engineering a Cryptographic RFID Tag , 2008, USENIX Security Symposium.

[32]  Chun Chen,et al.  Secure and Efficient Handover Authentication Based on Bilinear Pairing Functions , 2012, IEEE Transactions on Wireless Communications.

[33]  Shigefusa Suzuki,et al.  An Authentication Technique Based on Distributed Security Management for the Global Mobility Network , 1997, IEEE J. Sel. Areas Commun..

[34]  Eun-Jun Yoon,et al.  Lightweight authentication with key-agreement protocol for mobile network environment using smart cards , 2016, IET Inf. Secur..

[35]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[36]  Chin-Chen Chang,et al.  Enhanced authentication scheme with anonymity for roaming service in global mobility networks , 2009, Comput. Commun..

[37]  Ping Wang,et al.  On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions , 2014, Comput. Networks.

[38]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[39]  N. Asokan,et al.  Untraceability in mobile networks , 1995, MobiCom '95.