Abstract
The concept of anonymous channel ticket is one of the effective measures to protect user privacy and to reduce the overhead of re-authentication for wireless environments. Most recently, Hsieh et al. proposed an anonymous authentication protocol based on elliptic curve cryptography to enhance the efficiency and security strength. However, we identify that Hsieh et al.’s scheme has four weaknesses. (1) The scheme fails to provide identity anonymity. (2) The ticket authentication phase of the scheme suffers from desynchronization attack. (3) The scheme is vulnerable to the privileged insider attack. (4) Users cannot change passwords when required. We further propose an improved authentication scheme, which not only preserves the merits of the scheme of Hsieh et al., but also enjoys several other advantages. Our improved scheme is effective in protection from the weaknesses identified and achieves user anonymity and unlinkability. We compare the functionality and performance of our improved scheme with other related schemes, which indicates that our scheme is more secure and yet efficient for wireless access networks.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Samfat, D., Molva, R., & Asokan, N. (1995). Untraceability in mobile networks. In ACM Mobicom’95 (pp. 26–36).
Boyd, C., & Mathuria, A. (2000). Key establishment protocols for secure mobile communications: A critical survey. Computer Communications, 23(5–6), 575–587.
Jiang, Y. X., Lin, C., & Shen, X. M. (2006). Mutual authentication and key exchange protocols for roaming services in wireless mobile networks. IEEE Transactions on Wireless Communications, 5(9), 2569–2577.
Yang, G. M., Wong, D. S., & Deng, X. T. (2007). Anonymous and authenticated key exchange for roaming networks. IEEE Transactions on Wireless Communications, 6(9), 1035–1042.
Debiao, H., Jianhua, C., & Jin, H. (2012). An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Information Fusion, 13(3), 223–230.
Debiao, H. (2012). An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings. Ad Hoc Networks, 10(6), 1009–1016.
Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transaction on Consumer Electronics, 50(1), 230–234.
Lee, C. C., Hwang, M. S., & Liao, I. E. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transaction on Industrial Electronics, 53(5), 1683–1687.
Wu, C. C., Lee, W. B., & Tsaur, W. J. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.
Zeng, P., Cao, Z. F., Choo, K.-K. R., & Wang, S. (2009). On the anonymity of some authentication schemes for wireless communications. IEEE Communications Letters, 13(3), 170–171.
Lee, J. S., Chang, J. H., & Lee, D. H. (2009). Security flaw of authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 13(5), 292–293.
Chen, C.-L., Lee, C.-C., & Hsu, C.-Y. (2012). Mobile device integration of a fingerprint biometric remote authentication scheme. International Journal of Communication Systems, 25(5), 585–597.
Ma, C.-G., Wang, D., & Zhao, S.-D. (2012). Security flaws in two improved remote user authentication schemes using smart cards. International Journal of Communication Systems. doi:10.1002/dac.2468.
He, D. J., Ma, M. D., Zhang, Y., & Chen, C. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367–374.
Chang, C. C., Lee, C. Y., & Chiu, Y. C. (2009). Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications, 32(4), 611–618.
Youn, T. Y., Park, Y. H., & Lim, J. (2009). Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Communications Letters, 13(7), 471–473.
He, D., Chan, S., Chen, C., & Bu, J. (2011). Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications, 61(2), 465–476.
Yoon, E.-J., Yoo, K.-Y., & Ha, K.-S. (2011). A user friendly authentication scheme with anonymity for wireless communications. Computers & Electrical Engineering, 37(3), 356–364.
Chen, C., He, D., Chan, S., et al. (2011). Lightweight and provably secure user authentication with anonymity for the global mobility network. International Journal of Communication Systems, 24(3), 347–362.
Xu, J., Zhu, W. T., & Feng, D. G. (2011). An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Computer Communications, 34(3), 319–325.
Zhou, T., & Xu, J. (2011). Provable secure authentication protocol with anonymity for roaming service in global mobility networks. Computer Networks, 55(1), 205–213.
Li, C.-T., & Lee, C.-C. (2012). A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling, 55(1–2), 35–44.
Niu, J., & Li, X. (2012). A novel user authentication scheme with anonymity for wireless communications. Security and Communication Networks. doi:10.1002/sec.601.
Wu, S., Zhu, Y., & Pu, Q. (2011). A novel lightweight authentication scheme with anonymity for roaming service in global mobility networks. International Journal of Network Management. doi:10.1002/nem.764.
Jiang, Q., Ma, J., Li, G., & Yang, L. (2012). An enhanced authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications. doi:10.1007/s11277-012-0535-4.
Lin, W. D., & Jan, J. (2001). A wireless-based authentication and anonymous channels for large scale area. In Proceedings of the IEEE symposium on computers and communications (pp. 36–41). Hammamet, Tunisia.
Barbancho, A. M., & Peinado, A. (2003). Cryptanalysis of anonymous channel protocol for large-scale area in wireless communications. Computer Networks, 43, 777–785.
Yang, C. C., Tang, Y. L., Wang, R. C., & Yang, H. W. (2005). A secure and efficient authentication protocol for anonymous channel in wireless communications. Applied Mathematics and Computation, 169(2), 1431–1439.
Chen, Y. C., Chuang, S. C., Yeh, L. Y., & Huang, J. L. (2011). A practical authentication protocol with anonymity for wireless access networks. Wireless Communications and Mobile Computing, 11, 1366–1375.
Lee, C. C., Lin, T. H., & Tsai, C. S. (2012). Cryptanalysis of a secure and efficient authentication protocol for anonymous channel in wireless communications. Security and Communication Networks. doi:10.1002/sec.430.
Hsieh, W.-B., & Leu, J.-S. (2012). Anonymous authentication protocol based on elliptic curve Diffie–Hellman for wireless access networks. Wireless Communications and Mobile Computing. doi:10.1002/wcm.2252.
Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48, 203–209.
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transaction on Computer System, 8(1), 18–36.
Acknowledgments
This work is supported by Supported by Program for Changjiang Scholars and Innovative Research Team in University (Program No. IRT1078), National Natural Science Foundation of China (Program Nos. U1135002, 61173135, 61202389, 61202390, 61201220), Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2012JQ8043), Fundamental Research Funds for the Central Universities (Program Nos. JY10000903001, K50511030004).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jiang, Q., Ma, J., Li, G. et al. An Efficient Ticket Based Authentication Protocol with Unlinkability for Wireless Access Networks. Wireless Pers Commun 77, 1489–1506 (2014). https://doi.org/10.1007/s11277-013-1594-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-013-1594-x