A novel three-factor authentication and key agreement scheme providing anonymity in global mobility networks

As an important service, global roaming is widely used in global mobility networks to make the stable connectivity when the user goes through between different networks. To keep the security of communication, mutual authentication among the foreign agent, the home agent, and the user is a necessary part before normal data flow of the communication. Besides that, the need that the user's personal information should be protected is also an urgent task in the intercourse. Until now, a host of two-factor authentication schemes has been presented, and many weaknesses are presented under security analysis. Here, we propose a new three-factor key agreement and authentication scheme to overcome the problems, which exist in the past schemes. The security of the scheme is proved with three ways. The first is the formal proof employing the random oracle model. The second is the formal verification with Proverif, and the last is the informal analysis. And the presented scheme has all common security properties and is practical for applications. Copyright © 2016 John Wiley & Sons, Ltd.

[1]  SK Hafizul Islam,et al.  A Provably Secure ID-Based Mutual Authentication and Key Agreement Scheme for Mobile Multi-Server Environment Without ESL Attack , 2014, Wireless Personal Communications.

[2]  Xiong Li,et al.  Applying biometrics to design three-factor remote user authentication scheme with key agreement , 2014, Secur. Commun. Networks.

[3]  G. P. Biswas,et al.  Dynamic ID-based remote user mutual authentication scheme with smartcard using Elliptic Curve Cryptography , 2014 .

[4]  Fan Wu,et al.  An improved and provable self‐certified digital signature scheme with message recovery , 2015, Int. J. Commun. Syst..

[5]  Yuqing Zhang,et al.  A privacy preserving authentication scheme for roaming services in global mobility networks , 2015, Secur. Commun. Networks.

[6]  Kangseok Kim,et al.  An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks , 2013, Peer-to-Peer Networking and Applications.

[7]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[8]  Muhammad Khurram Khan,et al.  User authentication schemes for wireless sensor networks: A review , 2015, Ad Hoc Networks.

[9]  J. K. Lee,et al.  Fingerprint-based remote user authentication scheme using smart cards , 2002 .

[10]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[11]  Chun-I Fan,et al.  Provably Secure Remote Truly Three-Factor Authentication Scheme With Privacy Protection on Biometrics , 2009, IEEE Transactions on Information Forensics and Security.

[12]  Muhammad Khurram Khan,et al.  A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security , 2017, Int. J. Commun. Syst..

[13]  Xiong Li,et al.  A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks , 2016, Secur. Commun. Networks.

[14]  Xiong Li,et al.  Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS , 2016, Secur. Commun. Networks.

[15]  Guomin Yang,et al.  A Secure and Effective Anonymous User Authentication Scheme for Roaming Service in Global Mobility Networks , 2013, Wireless Personal Communications.

[16]  Kim-Kwang Raymond Choo,et al.  Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme , 2014 .

[17]  Jongin Lim,et al.  Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks , 2009, IEEE Communications Letters.

[18]  Ashok Kumar Das,et al.  A Secure and Efficient User Anonymity-Preserving Three-Factor Authentication Protocol for Large-Scale Distributed Wireless Sensor Networks , 2015, Wirel. Pers. Commun..

[19]  Chin-Chen Chang,et al.  Enhanced authentication scheme with anonymity for roaming service in global mobility networks , 2009, Comput. Commun..

[20]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[21]  Cheng-Chi Lee,et al.  An Improvement of Remote Authentication and Key Agreement Schemes , 2011, J. Circuits Syst. Comput..

[22]  Fahad Bin Muhaya,et al.  Provably Secure and Anonymous Password Authentication Protocol for Roaming Service in Global Mobility Networks Using Extended Chaotic Maps , 2015, Wireless Personal Communications.

[23]  Emmanuel Bresson,et al.  Security proofs for an efficient password-based key exchange , 2003, CCS '03.

[24]  Muhammad Khurram Khan,et al.  An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography , 2015, Journal of Medical Systems.

[25]  Cheng-Chi Lee,et al.  Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices , 2013, IET Comput. Digit. Tech..

[26]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[27]  Fan Wu,et al.  Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems , 2012, Journal of Medical Systems.

[28]  Muhammad Khurram Khan,et al.  An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography , 2015, Journal of Medical Systems.

[29]  SK Hafizul Islam,et al.  A Robust and Efficient Privacy Aware Handover Authentication Scheme for Wireless Networks , 2017, Wirel. Pers. Commun..

[30]  Shehzad Ashraf Chaudhry A secure biometric based multi-server authentication scheme for social multimedia networks , 2016, Multimedia Tools and Applications.

[31]  Xiong Li,et al.  An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks , 2017, Multimedia Systems.

[32]  Chan Yeob Yeun,et al.  Advanced Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2016, Wireless Personal Communications.

[33]  Muhammad Khurram Khan,et al.  An enhanced privacy preserving remote user authentication scheme with provable security , 2015, Secur. Commun. Networks.

[34]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[35]  Xiong Li,et al.  An efficient multi-gateway-based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks , 2016, Secur. Commun. Networks.

[36]  Xiong Li,et al.  A new and secure authentication scheme for wireless sensor networks with formal proof , 2017, Peer-to-Peer Netw. Appl..

[37]  Fan Wu,et al.  Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care , 2015, Journal of Medical Systems.

[38]  Jianfeng Ma,et al.  An Efficient Ticket Based Authentication Protocol with Unlinkability for Wireless Access Networks , 2014, Wireless Personal Communications.

[39]  Fan Wu,et al.  An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity , 2015, Secur. Commun. Networks.

[40]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[41]  Prosanta Gope,et al.  Enhanced Secure Mutual Authentication and Key Agreement Scheme Preserving User Anonymity in Global Mobile Networks , 2015, Wirel. Pers. Commun..

[42]  Jianfeng Ma,et al.  A new authentication scheme with anonymity for wireless environments , 2004, IEEE Trans. Consumer Electron..

[43]  Jin Kwak,et al.  Secure and Efficient Anonymous Authentication Scheme in Global Mobility Networks , 2013, J. Appl. Math..

[44]  Cheng-Chi Lee,et al.  An Extended Multi-Server-Based User Authentication and Key Agreement Scheme with User Anonymity , 2013, KSII Trans. Internet Inf. Syst..

[45]  Muhammad Sher,et al.  Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems , 2015, Journal of Medical Systems.

[46]  Muhammad Khurram Khan,et al.  A novel biometric-based password authentication scheme for client-server environment using ECC and fuzzy extractor , 2018, Int. J. Ad Hoc Ubiquitous Comput..

[47]  Muhammad Sher,et al.  An improved and provably secure privacy preserving authentication protocol for SIP , 2017, Peer-to-Peer Netw. Appl..

[48]  Jianfeng Ma,et al.  An Enhanced Authentication Scheme with Privacy Preservation for Roaming Service in Global Mobility Networks , 2012, Wireless Personal Communications.

[49]  Ashok Kumar Das,et al.  A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks , 2016, Peer-to-Peer Netw. Appl..

[50]  Stefan Mangard,et al.  One for all - all for one: unifying standard differential power analysis attacks , 2011, IET Inf. Secur..

[51]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[52]  Prosanta Gope,et al.  Lightweight and Energy-Efficient Mutual Authentication and Key Agreement Scheme With User Anonymity for Secure Communication in Global Mobility Networks , 2016, IEEE Systems Journal.

[53]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[54]  Xiong Li,et al.  A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks , 2015, Comput. Electr. Eng..

[55]  Wei-Bin Lee,et al.  A Secure Authentication Scheme with Anonymity for Wireless Communications , 2008, IEEE Commun. Lett..

[56]  Muhammad Sher,et al.  An improved and robust biometrics-based three factor authentication scheme for multiserver environments , 2018, The Journal of Supercomputing.

[57]  Ashok Kumar Das,et al.  A dynamic password-based user authentication scheme for hierarchical wireless sensor networks , 2012, J. Netw. Comput. Appl..

[58]  Xiong Li,et al.  A new authenticated key agreement scheme based on smart cards providing user anonymity with formal proof , 2015, Secur. Commun. Networks.