Abstract
In global mobility networks, user authentication is an essential security mechanism that permits mobile users to use the roaming services offered by foreign agents with the support of home agent in mobile network environment. Recently, Rhee et al. analyzed Wu et al. and Wei et al. authentication scheme, and proposed a smart card based user authentication scheme with user anonymity in global mobility networks. However, in this paper, we find that Rhee et al. scheme is vulnerable to user impersonation attacks and off-line password guessing attacks. Moreover, the scheme does not preserve user anonymity; does not provide perfect forward secrecy, and an option to change/update the password; and does not detect wrong password quickly. Hence we propose a secure authentication scheme with user anonymity for roaming service in global mobility networks. Furthermore, performance analysis shows that compared with existing authentication schemes, our proposed scheme is simple and secure.
Similar content being viewed by others
References
Suzuki, S., & Nakada, K. (1997). An authentication technique based on distributed security management for the global mobility network. IEEE Journal on Selected Areas in Communications, 15(8), 1608–1617.
Huang, X., **ang, Y., Chonka, A., Zhou, J., & Deng, R. H. (2011). A generic framework for three-factor authentication: Preserving security and privacy in distributed systems. IEEE Transactions on Parallel and Distributed Systems, 22(8), 1390–1397.
Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 50(1), 231–235.
Lee, C.-C., Hwang, M.-S., & Liao, I.-E. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683–1687.
Wei, Y., Qiu, H., & Hu, Y. (2006) Security analysis of authentication scheme with anonymity for wireless environments. In International conference on communication technology, 2006 (ICCT’06) (pp. 1–4), IEEE.
Chia-Chun, W., Lee, W.-B., & Tsaur, W.-J. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.
**g, X., & Feng, D. (2009). Security flaws in authentication protocols with anonymity for wireless environments. ETRI Journal, 31(4), 460–462.
Lee, J.-S., Chang, J. H., & Lee, D. H. (2009). Security flaw of authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 13(5), 292–293.
Wang, C.-H., Wei, T.-C., Lee, P.-C., & Wu, C.-C. (2009). An improvement of secure authentication scheme with full anonymity for wireless communications. In Proceedings of the 2nd international conference on interaction sciences: information technology, culture and human (pp. 115–118), ACM.
Jeon, W., Kim, J., Lee, Y., & Won, D. (2012). Security analysis of authentication scheme for wireless communications with user anonymity. In Information technology convergence, secure and trust computing, and data management (pp. 225–231). Berlin: Springer.
Chang, C.-C., Lee, C.-Y., & Chiu, Y.-C. (2009). Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications, 32(4), 611–618.
Youn, T.-Y., Park, Y.-H., & Lim, J. (2009). Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Communications Letters, 13(7), 471–473.
Zeng, P., Cao, Z., Choo, K., & Wang, S. (2009). On the anonymity of some authentication schemes for wireless communications. IEEE Communications Letters, 13(3), 170–171.
He, D., Ma, M., Zhang, Y., Chen, C., & Jiajun, B. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367–374.
Li, C.-T., & Lee, C.-C. (2012). A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling, 55(1), 35–44.
Jeon, W., Lee, Y., & Won, D. (2013). An efficient user authentication scheme with smart cards for wireless communications. International Journal of Security & Its Applications, 7(4), 1–5.
Ashok Kumar Das. (2013). A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Networking Science, 2(1–2), 12–27.
Wen, F., Susilo, W., & Yang, G. (2014). A robust smart card-based anonymous user authentication protocol for wireless communications. Security and Communication Networks, 7(6), 987–993.
**g, X., Zhu, W.-T., & Feng, D.-G. (2011). An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Computer Communications, 34(3), 319–325.
Rhee, H. S. (2011). Improved user authentication scheme with user anonymity for wireless communications. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences,94(2), 860–864.
Jian-bin, H., **ong, H., & Chen, Z. (2012). Further improvement of an authentication scheme with user anonymity for wireless communications. IJ Network Security, 14(5), 297–300.
He, D., Chan, S., Chen, C., Jiajun, B., & Fan, R. (2011). Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications, 61(2), 465–476.
Yoon, E.-J., Yoo, K.-Y., & Ha, K.-S. (2011). A user friendly authentication scheme with anonymity for wireless communications. Computers & Electrical Engineering, 37(3), 356–364.
Niu, J., & Li, X. (2014). A novel user authentication scheme with anonymity for wireless communications. Security and Communication Networks, 7(10), 1467–1476.
Li, C.-T. (2012). A more secure and efficient authentication scheme with roaming service and user anonymity for mobile communications. Information Technology and Control, 41(1), 69–76.
Mun, H., Han, K., Lee, Y. S., Yeun, C. Y., & Choi, H. H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55(1), 214–222.
Kim, J.-S., & Kwak, J. (2012). Improved secure anonymous authentication scheme for roaming service in global mobility networks. International Journal of Security and Its Applications, 6(3), 45–54.
Jiang, Q., Ma, J., Li, G., & Yang, L. (2013). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications, 68(4), 1477–1491.
Wen, F., Susilo, W., & Yang, G. (2013). A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.
Li, H., Yang, Y., & Pang, L. (2013). An efficient authentication protocol with user anonymity for mobile networks. In 2013 IEEE wireless communications and networking conference (WCNC) (pp. 1842–1847), IEEE.
**e, Q., Bin, H., Tan, X., Bao, M., & **uyuan, Y. (2014). Robust anonymous two-factor authentication scheme for roaming service in global mobility network. Wireless Personal Communications, 74(2), 601–614.
**g, X., & Zhu, W.-T. (2013). A generic framework for anonymous authentication in mobile networks. Journal of Computer Science and Technology, 28(4), 732–742.
Zhao, D., Peng, H., Li, L., & Yang, Y. (2013). A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 78(1), 247–269.
Hu, B., Bao, M., & Dong, N. (2014). Improvement of user authentication protocol with anonymity for wireless communications. Kuwait Journal of Science, 41(1), 155–169.
Kuo, W.-C., Wei, H.-J., & Cheng, J.-C. (2014). An efficient and secure anonymous mobility network authentication scheme. Journal of Information Security and Applications, 19(1), 18–24.
Liu, J., Wang, D., & Wang, P. (2014). Improved privacy-preserving authentication scheme for roaming service in mobile networks. In 2014 IEEE wireless communications and networking conference (WCNC).
Zhou, N., Chen, X., Li, C., & Xue, Z. (2014). Secrecy rate of two-hop af relaying networks with an untrusted relay. Wireless Personal Communications, 75(1), 119–129.
Jiang, Q., Ma, J., Li, G., & Yang, L. (2014). An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wireless Personal Communications, 77(2), 1489–1506.
He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.
ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. In Advances in cryptology (pp. 10–18). Berlin: Springer.
Rivest, R. (1992). Rfc 1321: The md5 message-digest algorithm. Technical report RFC 1321, IETFl.
Secure Hash Standard. Technical report fips pub 180-1. US Department of Commerce/National Institute of Standards and Technology, 1995.
Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.
Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.
**g, X., Zhu, W.-T., & Feng, D.-G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 31(4), 723–728.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology (CRYPTO99) (pp. 388–397). Berlin: Springer
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Wang, D., Ma, C., & Wu, P. (2012). Secure password-based remote user authentication scheme with non-tamper resistant smart cards. In Data and applications security and privacy XXVI (pp. 114–121). Berlin: Springer
Sood, S. K. (2011). Secure dynamic identity-based authentication scheme using smart cards. Information Security Journal: A Global Perspective, 20(2), 67–77.
Tapiador, J. E., Hernandez-Castro, J. C., Peris-Lopez, P., & Clark, J. A. (2011). Cryptanalysis of song’s advanced smart card based password authentication protocol. ar**v preprint ar**v:1111.2744
Shim, K.-A. (2012). Security flaws in three password-based remote user authentication schemes with smart cards. Cryptologia, 36(1), 62–69.
He, D., & Shuhua, W. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.
Wang, D., Ma, C., Gu, D., & Cui, Z. (2012). Cryptanalysis of two dynamic id-based remote user authentication schemes for multi-server architecture. In Network and system security (pp. 462–475). Berlin: Springer.
Ma, C., Wang, D., & Zhao, S.-D. (2014). Security flaws in two improved remote user authentication schemes using smart cards. International Journal of Communication Systems, 27(10), 2215–2227.
Wang, D., & Wang, P. (2014). Offline dictionary attack on password authentication schemes using smart cards. IACR Cryptology ePrint Archive, 2014, 208.
Wang, D., & Wang, P. (2014). On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions. Computer Networks, 73(14), 41–57.
Karuppiah, M., & Saravanan, R. (2014). A secure remote user mutual authentication scheme using smart cards. International Journal of Security and Its Applications, 19(4–5), 282–294.
Kasper, T., Oswald, D., & Paar, C. (2012). Side-channel analysis of cryptographic rfids with analog demodulation. In RFID security and privacy (pp. 61–77). Berlin: Springer.
Scott, M., Costigan, N., & Abdulwahab, W. (2006). Implementing cryptographic pairings on smartcards. In Cryptographic hardware and embedded systems (CHES 2006) (pp. 134–147). Berlin: Springer.
Acknowledgments
We would like to thank the anonymous reviewers for their positive suggestions and comments that highly improve the readability and completeness of the paper. Also we would like to acknowledge the management of VIT University for providing the wonderful support to do the research work.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Karuppiah, M., Saravanan, R. A Secure Authentication Scheme with User Anonymity for Roaming Service in Global Mobility Networks. Wireless Pers Commun 84, 2055–2078 (2015). https://doi.org/10.1007/s11277-015-2524-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-015-2524-x