Abstract
Recently, user authentication schemes for mobile devices have become increasingly critical. Because of wide use, numerous services for mobile devices are provided, and will continue to be required in the future. Occasionally, users must log on to a server to obtain services, and the server must authenticate that user. Because device resources, such as batteries, are always limited, the authentication scheme must be effective and secure. Recently, Mun et al. proposed their protocol to address this concern, claiming that their more effective scheme overcomes the weaknesses of previously proposed schemes. However, we determined that Mun et al.’s scheme is still sensitive to a masquerade attack and a man-in-the-middle attack, and fails to realize anonymity and prefect forward secrecy. In this field, we propose a novel scheme, which only uses one-way hash functions and exclusive-OR operations to implement user authentication for roaming services. The proposed scheme both solves the problems of Mun et al.’s scheme and be more effective.
Similar content being viewed by others
References
Alevras, D., Grotschel, M., Jonas, P., Paul, U., & Wessaly, R. (1998). Survivable mobile phone network architectures: models and solution methods. IEEE Communications Magazine, 36(3), 88–93.
Argyroudis, P. G., Verma, R., Tewari, H., & O’Mahony, D. (2004). Performance analysis of cryptographic protocols on handheld devices. In Proceedings of the third IEEE international conference on Network Computing and Applications (pp. 169–174). Cambridge.
Chang, C. C., Lee, C. Y., & Chiu, Y. C. (2009). Enhanced Authentication scheme with anonymity for roaming service in global networks. Computer Communications, 32(4), 611–618.
Chang, M. F., Lin, Y. B., & Su, S. C. (1998). Improving the fault tolerance of GSM networks. IEEE Network, 12(1), 58–63.
Gope, P., & Hwang, T. (2015). Lightweight and energy-efficient mutual authentication and key agreement scheme with user anonymity for secure communication in global mobility networks. IEEE Systems Journal,. doi:10.1109/JSYST.2015.2416396.
He, D., Ma, M., Zhang, Y., Chen, C., & Bu, J. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367–374.
Krishnamurthy, P., & Kabara, J. (2000). Security architecture for wireless residential networks. In Proceedings of Vehicular Technology Conference. IEEE VTS-Fall VTC 2000. 52nd, Telecommun. (vol. 4, pp. 1990–1996). Panama, Program.
Lee, C. C., Hwang, M. S., & Liao, I. E. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683–1687.
Horn, G., & Preneel, B. (1998). Authentication and payment in future mobile systems. Computer Security—ESORICS 98, Lecture Notes in Computer Science, 1485(19), 277–293.
Long, M., & Wu, C. H. J. (2006). Energy-efficient and intrusion-resilient authentication for ubiquitous access to factory floor information. IEEE Transactions on Industrial Informatics, 2(1), 40–47.
Mun, H., Han, K., Lee, Y. S., Yeun, C. Y., & Choi, H. H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55(1–2), 214–222.
Passing, M., & Dressler, F. (2006). Experimental performance evaluation of cryptographic algorithms. In Proceedings of the third IEEE international conference on mobile adhoc and sensor systems (MASS) (pp. 882–887). Vancouver, Canada.
Park, J., Go, J., & Kim, K. (2001). Wireless authentication protocol preserving user anonymity. In Proceedings of Symposium on Cryptography and Information Security (pp. 23–26). Oiso, Japan.
Rahman, M. G., & Imai, H. (2002). Security in wireless communication. Wireless Personal Communications, 22(2), 213–228.
Tzeng, Z. J., & Tzeng, W. G. (2001). Authentication of mobile users in third generation mobile system. Wireless Personal Communications, 16(1), 35–50.
Xu, J., & Feng, D. (2009). Security flaws in authentication protocols with anonymity for wireless environments. ETRI Journal, 31(4), 460–462.
Wong, D. S., Fuentes, H. H., & Chan, A. H. (2011). The performance measurement of cryptographic primitives on palm devices. In Proceedings of the 17th annual computer security applications conference (ACSAC 2001) (pp. 92–101). New Orleans, USA.
Wu, C. C., Lee, W. B., & Tsaur, W. J. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.
Xue, K., & Hong, P. (2012). Security improvement on an anonymous key agreement protocol based on chaotic maps. Communications in Nonlinear Science and Numerical Simulation, 17(7), 2969–2977.
Zeng, P., Cao, Z., Choo, K. K. R., & Wang, S. (2009). On the anonymity of some authentication schemes for wireless communications. IEEE Communications Letters, 13(3), 170–171.
Zhao, D., Peng, H., Li, L., & Yang, Y. (2014). A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 78(1), 247–269.
Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 50(1), 231–235.
Acknowledgments
The authors would like to express their appreciation to the anonymous referees for their valuable suggestions and comments. This research was partially supported by the Ministry of Science and Technology, Taiwan, R.O.C., under contract no.: MOST 105-2221-E-030-012.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lee, CC., Lai, YM., Chen, CT. et al. Advanced Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks. Wireless Pers Commun 94, 1281–1296 (2017). https://doi.org/10.1007/s11277-016-3682-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-016-3682-1