Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

[1]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[2]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[3]  Shehzad Ashraf Chaudhry Comment on 'Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications' , 2015, IET Commun..

[4]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[5]  Xiong Li,et al.  Applying biometrics to design three-factor remote user authentication scheme with key agreement , 2014, Secur. Commun. Networks.

[6]  Kim-Kwang Raymond Choo Secure Key Establishment , 2008, Advances in Information Security.

[7]  Yuanyuan Zhang,et al.  Cryptanalysis and Improvement of an Anonymous Authentication Protocol for Wireless Access Networks , 2013, Wireless Personal Communications.

[8]  Mojtaba Alizadeh,et al.  Anonymity and Untraceability Assessment of Authentication Protocols in Proxy Mobile IPv6 , 2015 .

[9]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[10]  Moonseong Kim,et al.  Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols , 2013, KSII Trans. Internet Inf. Syst..

[11]  Juan Qu,et al.  An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme , 2013, J. Electr. Comput. Eng..

[12]  ChaudhryShehzad Ashraf,et al.  An enhanced privacy preserving remote user authentication scheme with provable security , 2015 .

[13]  Muhammad Sher,et al.  An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography , 2014, Multimedia Tools and Applications.

[14]  Jenq-Shiou Leu,et al.  Anonymous authentication protocol based on elliptic curve Diffie-Hellman for wireless access networks , 2014, Wirel. Commun. Mob. Comput..

[15]  Hung-Yu Chien,et al.  A modified remote login authentication scheme based on geometric approach , 2001, J. Syst. Softw..

[16]  Mojtaba Alizadeh,et al.  Security and privacy criteria to evaluate authentication mechanisms in proxy mobile IPv6 , 2015 .

[17]  WenFengtong,et al.  An improved dynamic ID-based remote user authentication with key agreement scheme , 2012 .

[18]  Kee-Young Yoo,et al.  Improvement of Chien et al.'s remote user authentication scheme using smart cards , 2005, Comput. Stand. Interfaces.

[19]  Muhammad Khurram Khan,et al.  An enhanced privacy preserving remote user authentication scheme with provable security , 2015, Secur. Commun. Networks.

[20]  Kim-Kwang Raymond Choo An Integrative Framework to Protocol Analysis and Repair: Bellare-Rogaway Model + Planning + Model Checker , 2007, Informatica.

[21]  Hung-Ming Chen,et al.  An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2012, Journal of Medical Systems.

[22]  Muhammad Sher,et al.  A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography , 2016, Electron. Commer. Res..

[23]  Alfred Menezes,et al.  The State of Elliptic Curve Cryptography , 2000, Des. Codes Cryptogr..

[24]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[25]  Rajeev Koodli Mobile IPv6 Fast Handovers , 2009, RFC.

[26]  Xiong Li,et al.  An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement , 2014, Secur. Commun. Networks.

[27]  HwangMin-Shiang,et al.  A new remote user authentication scheme using smart cards , 2000 .

[28]  Colin Boyd,et al.  The importance of proofs of security for key establishment protocols: Formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols , 2006, Comput. Commun..

[29]  Moonseong Kim,et al.  Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation , 2015, PloS one.

[30]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[31]  Wei-Chi Ku,et al.  Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards , 2005, IEICE Trans. Commun..

[32]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[33]  Yu-Chung Chiu,et al.  Improved remote authentication scheme with smart card , 2005, Comput. Stand. Interfaces.

[34]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[35]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[36]  Zhenfu Cao,et al.  Perfect forward secure identity-based authenticated key agreement protocol in the escrow mode , 2009, Science in China Series F: Information Sciences.

[37]  Dongho Won,et al.  A mechanical approach to derive identity-based protocols from Diffie-Hellman-based protocols , 2014, Inf. Sci..

[38]  Jian Ma,et al.  A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments , 2013, Math. Comput. Model..

[39]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of "An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems" , 2014, Secur. Commun. Networks.

[40]  Dong Hoon Lee,et al.  A remote user authentication scheme without using smart cards , 2009, Comput. Stand. Interfaces.

[41]  Sherali Zeadally,et al.  Authentication protocol for an ambient assisted living system , 2015, IEEE Communications Magazine.

[42]  Muhammad Khurram Khan,et al.  A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security , 2017, Int. J. Commun. Syst..

[43]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[44]  Xiong Li,et al.  An improved smart card based authentication scheme for session initiation protocol , 2017, Peer-to-Peer Netw. Appl..

[45]  Jianfeng Ma,et al.  Security Enhancement on an Authentication Method for Proxy Mobile IPv6 , 2011 .

[46]  XuJing,et al.  An improved smart card based password authentication scheme with provable security , 2009 .

[47]  Kim-Kwang Raymond Choo A Proof of Revised Yahalom Protocol in the Bellare and Rogaway (1993) Model , 2007, Comput. J..

[48]  Claude Castelluccia,et al.  Hierarchical Mobile IPv6 (HMIPv6) Mobility Management , 2008, RFC.

[49]  F. M. Chiussi,et al.  Mobility management in third-generation all-IP networks , 2002, IEEE Commun. Mag..

[50]  P. Kocher,et al.  Differential power analysis, advances in cryptology-CRYPTO'99 , 1999 .

[51]  Eun-Jun Yoon,et al.  Comments on Modified User Friendly Remote Authentication Scheme with Smart Cards , 2007, IEICE Trans. Commun..

[52]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[53]  Meng Chang Chen,et al.  SPAM: A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks , 2013, IEEE Systems Journal.

[54]  Jian Shen,et al.  A Novel Routing Protocol Providing Good Transmission Reliability in Underwater Sensor Networks , 2015 .

[55]  Xiong Li,et al.  An enhanced smart card based remote user password authentication scheme , 2013, J. Netw. Comput. Appl..

[56]  Muhammad Sher,et al.  Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems , 2015, Journal of Medical Systems.

[57]  Chun-Ta Li,et al.  A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks , 2008, Comput. Commun..

[58]  Muhammad Sher,et al.  An improved and provably secure privacy preserving authentication protocol for SIP , 2017, Peer-to-Peer Netw. Appl..

[59]  Pan Chun-lan Improved remote authentication scheme with smart card , 2009 .

[60]  N. Koblitz Towards a Quarter-Century of Public Key Cryptography , 2000, Springer US.

[61]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[62]  Fahad Bin Muhaya,et al.  Cryptanalysis of Truong et al.'s Fingerprint Biometric Remote Authentication Scheme Using Mobile Device , 2013, BICS.

[63]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[64]  Telemaco Melia,et al.  PMIPv 6 : A Network-Based Localized Mobility Management Solution , 2012 .

[65]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[66]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[67]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[68]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[69]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[70]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[71]  Sangjin Kim,et al.  Ticket-Based Binding Update Protocol for Mobile IPv6 , 2006, ICDCIT.

[72]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .