Design and Validation of an Efficient Authentication Scheme with Anonymity for Roaming Service in Global Mobility Networks

Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.     

Anonymous and expeditious mobile user authentication scheme for GLOMONET environments

The Global Mobility Network (GLOMONET) is rapidly becoming important as well as a popular feature in today's high‐performance network. The legal mobile users enjoy life using the ubiquitous services via GLOMONET. However, because of the broadcast nature of the wireless channel, providing user authentication along with the privacy and anonymity of the users in GLOMONET is indeed a challenging task. In this article, we come up with a secure and expeditious mobile communication environment using symmetric key cryptosystem to ensure mobile users' anonymity and privacy against eavesdroppers and backward/forward secrecy of the session key. Our scheme can also protect numerous security threats, like man‐in‐the‐middle attack, known session key attack, lost smartcard attack, and forgery attack. Furthermore, we put forward a new technique named as “friendly foreign agent policy,” where many foreign agents can make different groups among themselves and perform important responsibilities to authenticate a legitimate mobile user without interfering his or her home agent even though the mobile user moves to a new location, covered by a new foreign agent (belongs to the same group). Security and performance analyses show that the proposed scheme is secure and more efficient as compared with other competitive schemes for GLOMONET environments.     

An efficient and secure 3‐factor user‐authentication protocol for multiserver environment

In the last decade, the number of web‐based applications is increasing rapidly, which leads to high demand for user authentication protocol for multiserver environment. Many user‐authentication protocols have been proposed for different applications. Unfortunately, most of them either have some security weaknesses or suffer from unsatisfactory performance. Recently, Ali and Pal proposed a three‐factor user‐authentication protocol for multiserver environment. They claimed that their protocol can provide mutual authentication and is secure against many kinds of attacks. However, we find that Ali and Pal's protocol cannot provide user anonymity and is vulnerable to 4 kinds of attacks. To enhance security, we propose a new user‐authentication protocol for multiserver environment. Then, we provide a formal security analysis and a security discussion, which indicate our protocol is provably secure and can withstand various attacks. Besides, we present a performance analysis to show that our protocol is efficient and practical for real industrial environment.     

A self-encryption mechanism for authentication of roaming and teleconference services

A simple authentication technique for use in the global mobility network (GLOMONET) is proposed. This technique is based on the concept of distributed security management, i.e., the original security manager administrates the original authentication key (long-term secret key) acquired when a user makes a contract with his home network, while a temporary security manager is generated for a roaming user in the visited network that provides roaming services. The temporary security manager will take the place of the original security manager when the roaming user stays in the service area of the visited network. In the proposed authentication protocol for the regular communication phase, the procedures of the original security manager and the temporary security manager are the same except for introducing different parameters. Furthermore, the proposed technique not only reduces the number of transmissions during the authentication phase, but it also can decrease the complexity of mobile equipment. The idea behind the proposed technique is to introduce a simple mechanism which is called "self-encryption". We also suggest that this mechanism can be easily adopted as the authentication function for the secure teleconference service.     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security

Ubiquitous networks provide roaming service for mobile nodes enabling them to use the services extended by their home networks in a foreign network. A mutual authentication scheme between the roamed mobile node and the foreign network is needed to be performed through the home network. Various authentication schemes have been developed for such networks, but most of them failed to achieve security in parallel to computational efficiency. Recently, Shin et al. and Wen et al. separately proposed two efficient authentication schemes for roaming service in ubiquitous networks. Both argued their schemes to satisfy all the security requirements for such systems. However, in this paper, we show that Shin et al. 's scheme is susceptible to: (i) user traceability; (ii) user impersonation; (iii) service provider impersonation attacks; and (iv) session key disclosure. Furthermore, we show that Wen et al. 's scheme is also insecure against: (i) session key disclosure; and (ii) known session key attacks. To conquer the security problems, we propose an improved authentication scheme with anonymity for consumer roaming in ubiquitous networks. The proposed scheme not only improved the security but also retained a lower computational cost as compared with existing schemes. We prove the security of proposed scheme in random oracle model. Copyright © 2015 John Wiley & Sons, Ltd.     

Security Enhanced Anonymous User Authenticated Key Agreement Scheme Using Smart Card

Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.     

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

The smart card based password authentication scheme is one of the most important and efficient security mechanism, which is used for providing security to authorized users over an insecure network. In this paper, we analyzed major security flaws of Jangirala et al.’s scheme and proved that it is vulnerable to forgery attack, replay attack, user impersonation attack. Also, Jangirala et al.’s scheme fail to achieve mutual authentication as it claimed. We proposed an improved two factor based dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis depicts that the proposed scheme provides users anonymity, mutual authentication, session key agreement and secure against various active attacks.     

Chaotic Map Based Mobile Dynamic ID Authenticated Key Agreement Scheme

When it comes to key agreement protocol, mutual authentication is regarded as a crucial security requirement. Yet, conventional authenticated key agreement using static ID cannot provide user anonymity if the communication content is compromised. A dynamic ID authentication scheme is a better alternative for maintaining user’s privacy. Based on the Chebyshev chaotic map, the author proposes a mobile dynamic ID authenticated key agreement scheme which allows mobile users to gain resources of remote servers. By optimizing the server computation, our scheme aims at increasing the concurrent process capacity of remote servers. We also demonstrate that the proposed scheme is secure against existential active attacks and outperforms related works.     

Secure Handover Authentication Protocol Based on Bilinear Pairings

Handover authentication protocol enables a mobile node to switch from one base station to another without loss or interruption of service when the node exits the transmission area of his or her current base station. This paper proposes a secure prime-order handover authentication protocol based on bilinear pairings. The proposed protocol adapts the concept of pseudonyms to provide user anonymity and user unlinkability. It withstands well-known security threats and achieves mutual authentication, user unlinkability. A batch signature verification mechanism to verify a mass of signatures is presented in our scheme. We also prove that our scheme is secure under random oracle.     

Secure Remote User Mutual Authentication Scheme with Key Agreement for Cloud Environment

Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks. Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally, we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

     

基于代理签名的移动通信网络匿名漫游认证协议

随着无线移动终端的广泛应用,漫游认证、身份保密等问题显得日益突出。该文分析了现有的各种漫游认证协议在匿名性及安全性上存在的问题,指出现有协议都无法同时满足移动终端的完全匿名与访问网络对非法认证请求的过滤,进而针对性地提出了一种新的匿名认证协议。该协议基于椭圆曲线加密和代理签名机制,通过让部分移动终端随机共享代理签名密钥对的方式,实现了完全匿名和非法认证请求过滤。此外,协议运用反向密钥链实现了快速重认证。通过分析比较以及形式化验证工具AVISPA验证表明,新协议实现了完全匿名,对非法认证请求的过滤,双向认证和会话密钥的安全分发,提高了安全性,降低了计算负载,适用于能源受限的移动终端。     

Design and FPGA implementation of an efficient security mechanism for mobile pay‐TV systems

A mobile pay‐TV service is one of the ongoing services of multimedia systems. Designing an efficient mechanism for authentication and key distribution is an important security requirement in mobile pay‐TV systems. Until now, many security protocols have been proposed for mobile pay‐TV systems. However, the existing protocols for mobile pay‐TV systems are vulnerable to various security attacks. Recently, Wang and Qin proposed an authentication scheme for mobile pay‐TV systems using bilinear pairing on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. In this paper, we demonstrate that Wang and Qin's scheme is vulnerable to replay attacks and impersonation attacks. Furthermore, we propose a novel security protocol for mobile pay‐TV systems using the elliptic curve cryptosystem to overcome the weaknesses of Wang and Qin's scheme. In order to improve the efficiency, the proposed scheme is designed in such a way that needs fewer scalar multiplication operations and does not use bilinear pairing, which is an expensive cryptographic operation. Detailed analyses, including verification using the Automated Validation of Internet Security Protocols and Applications tool and implementation on FPGA, demonstrate that the proposed scheme not only withstands active and passive attacks and provides user anonymity but also has a better performance than Wang and Qin's scheme.     

Secure anonymous authentication scheme without verification table for mobile satellite communication systems

An authentication scheme is one of the most basic and important security mechanisms for satellite communication systems because it prevents illegal access by an adversary. Lee et al. recently proposed an efficient authentication scheme for mobile satellite communication systems. However, we observed that this authentication scheme is vulnerable to a denial of service (DoS) attack and does not offer perfect forward secrecy. Therefore, we propose a novel secure authentication scheme without verification table for mobile satellite communication systems. The proposed scheme can simultaneously withstand DoS attacks and support user anonymity and user unlinkability. In addition, the proposed scheme is based on the elliptic curve cryptosystem, has low client‐side and server‐side computation costs, and achieves perfect forward secrecy. Copyright © 2013 John Wiley & Sons, Ltd.     

An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings

With the continue evaluation of mobile devices in terms of the capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client–server environment, many user authentication protocols from pairings have been proposed. In 2009, Goriparthi et al. proposed a new user authentication scheme for mobile client–server environment. In 2010, Wu et al. demonstrated that Goriparthi et al.’s protocol fails to provide mutual authentication and key agreement between the client and the server. To improve security, Wu et al. proposed an improved protocol and demonstrated that their protocol is provably secure in random oracle model. Based on Wu et al.’s work, Yoon et al. proposed another scheme to improve performance. However, their scheme just reduces one hash function operation at the both of client side and the server side. In this paper, we present a new user authentication and key agreement protocol using bilinear pairings for mobile client–server environment. Performance analysis shows that our protocol has better performance than Wu et al.’s protocol and Yoon et al.’s protocol. Then our protocol is more suited for mobile client–server environment. Security analysis is also given to demonstrate that our proposed protocol is provably secure against previous attacks.     

An efficient three factor–based authentication scheme in multiserver environment using ECC

Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes.     

TAKAP:A Lightweight Three-Party Authenticated Key Agreement Protocol with User Anonymity

The three-party authenticated key agree-ment protocol is a significant cryptographic mechanism for secure communication,which encourages two entities to authenticate each other and generate a shared session key with the assistance of a trusted party (remote server) via a public channel.Recently,Wang et al.put forward a three-party key agreement protocol with user anonymity and alleged that their protocol is able to resist all kinds of attacks and provide multifarious security features in Computer Engineering & Science,No.3,2018.Unfortunately,we show that Wang et al.'s protocol is vulnerable to the password guessing attack and fails to satisfy user anonymity and perfect secrecy.To solve the aforementioned problems,a lightweight chaotic map-based Three-party authenticated key agreement protocol(short for TAKAP) is proposed,which not only could provide privacy protection but also resist a wide variety of security attacks.Furthermore,it is formally proved under Burrows-Abadi-Needham (BAN) logic.Simultaneously,the performance analysis in this paper demonstrates that the proposed TAKAP protocol is more secure and efficient compared with other relevant protocols.     

A Secure and Effective Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks

Recently, Mun et al. analyzed Wu et al.’s authentication scheme and proposed an enhanced anonymous authentication scheme for roaming service in global mobility networks. However, through careful analysis, we find that Mun et al.’s scheme is vulnerable to impersonation attacks and insider attacks, and cannot provide user friendliness, user’s anonymity, proper mutual authentication and local verification. To remedy these weaknesses, we propose a novel anonymous authentication scheme for roaming service in global mobility networks. Compared with previous related works, our scheme has many advantages. Firstly, the secure authenticity of the scheme is formally validated by an useful formal model called BAN logic. Secondly, the scheme enjoys many important security attributes including prevention of various attacks, user anonymity, no verification table, local password verification and so on. Thirdly, the scheme does not use timestamp, thus it avoids the clock synchronization problem. Further, the scheme contains the authentication and establishment of session key scheme when mobile user is located in his/her home network, therefore it is more practical and universal for global mobility networks. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited mobile devices and thus availability for real implementation.     

Private Authentication Techniques for the Global Mobility Network

Numerous authentication approaches have been proposed recently for the global mobility network (GLOMONET), which provides mobile users with global roaming services. In these authentication schemes, the home network operators can easily obtain the authentication key and wiretap the confidentiality between the roaming user and the visited network. This investigation provides a solution of authentication techniques for GLOMONET in order to prevent this weakness from happening and presents a secure authentication protocol for roaming services. In addition, a round-efficient version of the same authentication protocol is presented. Comparing with other related approaches, the proposed authentication protocol involves fewer messages and rounds in communication. Tian-Fu Lee was born in Tainan, Taiwan, ROC, in 1969. He received his B.S. degree in Applied Mathematics from National Chung Hsing University, Taiwan, in 1992, and his M.S. degree in Computer Science and Information Engineering from National Chung Cheng University, Taiwan, in 1998. He works as a lecturer in Leader University and pursues his Ph.D. degree at Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan. His research interests include cryptography and network security. Chi-Chao Chang received the BS degree in Microbiology from Soochow University in 1990 and the MS degree in Computer Science from State University of New York at Albany in 1992. He is currently working as an instructor in Chang Jung Christian University and a graduate student in National Cheng Kung University. His research interests are information security, mobile agent systems, anonymous digital signatures and quantum cryptography. Tzonelih Hwang was born in Tainan, Taiwan, in March 1958. He received his undergraduate degree from National Cheng Kung University, Tainan, Taiwan, in 1980, and the M.S. and Ph.D. degrees in Computer Science from the University of Southwestern Louisiana, USA, in 1988. He is presently a professor in Department of Computer Science and Information Engineering, National Cheng Kung University. His research interests include cryptology, network security, and coding theory.     

Machine Learning Protocol for Secure 5G Handovers

The fifth generation (5G) networks are characterized with ultra-dense deployment of base stations with limited footprint. Consequently, user equipment’s handover frequently as they move within 5G networks. In addition, 5G requirements of ultra-low latencies imply that handovers should be executed swiftly to minimize service disruptions. To preserve security and privacy while at the same time maintaining optimal performance during handovers, numerous schemes have been developed. However, majority of these techniques are either limited to security and privacy or address only performance aspect of the handover mechanism. As such, there is need for a novel handover authentication protocol that addresses security, privacy and performance simultaneously. This paper presents a machine learning protocol that not only facilitates optimal selection of target cell but also upholds both security and privacy during handovers. Formal security analysis using the widely adopted Burrows–Abadi–Needham (BAN) logic shows that the proposed protocol achieves all the six formulated under this proof. As such, the proposed protocol facilitates strong and secure mutual authentication among the communicating entities before generating the shares session key. The derived session key protected the exchanged packets to avert attacks such as forgery. In addition, informal security evaluation of the proposed protocol shows that it offers perfect forward key secrecy, mutual authentication any user anonymity. It is also demonstrated to be robust against attacks such as denial of service (DoS), man-in-the-middle (MitM), masquerade, packet replays and forgery. In terms of performance, simulation results shows that it has lower packets drop rate and ping–pong rate, with higher ratio of packets received compared with improved 5G authentication and key agreement (5G AKA’) protocol. Specifically, using 5G AKA’ as the basis, the proposed protocol reduces the handover rate by 94.4%, hence the resulting handover signaling is greatly minimized.