Skip to main content
SpringerLink
Log in

A Secure Authentication Scheme with User Anonymity for Roaming Service in Global Mobility Networks

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

In global mobility networks, user authentication is an essential security mechanism that permits mobile users to use the roaming services offered by foreign agents with the support of home agent in mobile network environment. Recently, Rhee et al. analyzed Wu et al. and Wei et al. authentication scheme, and proposed a smart card based user authentication scheme with user anonymity in global mobility networks. However, in this paper, we find that Rhee et al. scheme is vulnerable to user impersonation attacks and off-line password guessing attacks. Moreover, the scheme does not preserve user anonymity; does not provide perfect forward secrecy, and an option to change/update the password; and does not detect wrong password quickly. Hence we propose a secure authentication scheme with user anonymity for roaming service in global mobility networks. Furthermore, performance analysis shows that compared with existing authentication schemes, our proposed scheme is simple and secure.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Suzuki, S., & Nakada, K. (1997). An authentication technique based on distributed security management for the global mobility network. IEEE Journal on Selected Areas in Communications, 15(8), 1608–1617.

    Article  Google Scholar 

  2. Huang, X., Xiang, Y., Chonka, A., Zhou, J., & Deng, R. H. (2011). A generic framework for three-factor authentication: Preserving security and privacy in distributed systems. IEEE Transactions on Parallel and Distributed Systems, 22(8), 1390–1397.

    Article  Google Scholar 

  3. Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 50(1), 231–235.

    Article  MathSciNet  Google Scholar 

  4. Lee, C.-C., Hwang, M.-S., & Liao, I.-E. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683–1687.

    Article  Google Scholar 

  5. Wei, Y., Qiu, H., & Hu, Y. (2006) Security analysis of authentication scheme with anonymity for wireless environments. In International conference on communication technology, 2006 (ICCT’06) (pp. 1–4), IEEE.

  6. Chia-Chun, W., Lee, W.-B., & Tsaur, W.-J. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722–723.

    Article  Google Scholar 

  7. Jing, X., & Feng, D. (2009). Security flaws in authentication protocols with anonymity for wireless environments. ETRI Journal, 31(4), 460–462.

    Article  Google Scholar 

  8. Lee, J.-S., Chang, J. H., & Lee, D. H. (2009). Security flaw of authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 13(5), 292–293.

    Article  Google Scholar 

  9. Wang, C.-H., Wei, T.-C., Lee, P.-C., & Wu, C.-C. (2009). An improvement of secure authentication scheme with full anonymity for wireless communications. In Proceedings of the 2nd international conference on interaction sciences: information technology, culture and human (pp. 115–118), ACM.

  10. Jeon, W., Kim, J., Lee, Y., & Won, D. (2012). Security analysis of authentication scheme for wireless communications with user anonymity. In Information technology convergence, secure and trust computing, and data management (pp. 225–231). Berlin: Springer.

  11. Chang, C.-C., Lee, C.-Y., & Chiu, Y.-C. (2009). Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications, 32(4), 611–618.

    Article  Google Scholar 

  12. Youn, T.-Y., Park, Y.-H., & Lim, J. (2009). Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Communications Letters, 13(7), 471–473.

    Article  Google Scholar 

  13. Zeng, P., Cao, Z., Choo, K., & Wang, S. (2009). On the anonymity of some authentication schemes for wireless communications. IEEE Communications Letters, 13(3), 170–171.

    Article  Google Scholar 

  14. He, D., Ma, M., Zhang, Y., Chen, C., & Jiajun, B. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367–374.

    Article  Google Scholar 

  15. Li, C.-T., & Lee, C.-C. (2012). A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling, 55(1), 35–44.

    Article  MATH  MathSciNet  Google Scholar 

  16. Jeon, W., Lee, Y., & Won, D. (2013). An efficient user authentication scheme with smart cards for wireless communications. International Journal of Security & Its Applications, 7(4), 1–5.

  17. Ashok Kumar Das. (2013). A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Networking Science, 2(1–2), 12–27.

    Google Scholar 

  18. Wen, F., Susilo, W., & Yang, G. (2014). A robust smart card-based anonymous user authentication protocol for wireless communications. Security and Communication Networks, 7(6), 987–993.

    Article  Google Scholar 

  19. Jing, X., Zhu, W.-T., & Feng, D.-G. (2011). An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Computer Communications, 34(3), 319–325.

    Article  Google Scholar 

  20. Rhee, H. S. (2011). Improved user authentication scheme with user anonymity for wireless communications. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences,94(2), 860–864.

  21. Jian-bin, H., Xiong, H., & Chen, Z. (2012). Further improvement of an authentication scheme with user anonymity for wireless communications. IJ Network Security, 14(5), 297–300.

    Google Scholar 

  22. He, D., Chan, S., Chen, C., Jiajun, B., & Fan, R. (2011). Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications, 61(2), 465–476.

    Article  Google Scholar 

  23. Yoon, E.-J., Yoo, K.-Y., & Ha, K.-S. (2011). A user friendly authentication scheme with anonymity for wireless communications. Computers & Electrical Engineering, 37(3), 356–364.

    Article  Google Scholar 

  24. Niu, J., & Li, X. (2014). A novel user authentication scheme with anonymity for wireless communications. Security and Communication Networks, 7(10), 1467–1476.

  25. Li, C.-T. (2012). A more secure and efficient authentication scheme with roaming service and user anonymity for mobile communications. Information Technology and Control, 41(1), 69–76.

    Article  Google Scholar 

  26. Mun, H., Han, K., Lee, Y. S., Yeun, C. Y., & Choi, H. H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55(1), 214–222.

    Article  MATH  MathSciNet  Google Scholar 

  27. Kim, J.-S., & Kwak, J. (2012). Improved secure anonymous authentication scheme for roaming service in global mobility networks. International Journal of Security and Its Applications, 6(3), 45–54.

    Google Scholar 

  28. Jiang, Q., Ma, J., Li, G., & Yang, L. (2013). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications, 68(4), 1477–1491.

    Article  Google Scholar 

  29. Wen, F., Susilo, W., & Yang, G. (2013). A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.

    Article  Google Scholar 

  30. Li, H., Yang, Y., & Pang, L. (2013). An efficient authentication protocol with user anonymity for mobile networks. In 2013 IEEE wireless communications and networking conference (WCNC) (pp. 1842–1847), IEEE.

  31. Xie, Q., Bin, H., Tan, X., Bao, M., & Xiuyuan, Y. (2014). Robust anonymous two-factor authentication scheme for roaming service in global mobility network. Wireless Personal Communications, 74(2), 601–614.

    Article  Google Scholar 

  32. Jing, X., & Zhu, W.-T. (2013). A generic framework for anonymous authentication in mobile networks. Journal of Computer Science and Technology, 28(4), 732–742.

    Article  MATH  Google Scholar 

  33. Zhao, D., Peng, H., Li, L., & Yang, Y. (2013). A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 78(1), 247–269.

  34. Hu, B., Bao, M., & Dong, N. (2014). Improvement of user authentication protocol with anonymity for wireless communications. Kuwait Journal of Science, 41(1), 155–169.

  35. Kuo, W.-C., Wei, H.-J., & Cheng, J.-C. (2014). An efficient and secure anonymous mobility network authentication scheme. Journal of Information Security and Applications, 19(1), 18–24.

  36. Liu, J., Wang, D., & Wang, P. (2014). Improved privacy-preserving authentication scheme for roaming service in mobile networks. In 2014 IEEE wireless communications and networking conference (WCNC).

  37. Zhou, N., Chen, X., Li, C., & Xue, Z. (2014). Secrecy rate of two-hop af relaying networks with an untrusted relay. Wireless Personal Communications, 75(1), 119–129.

    Article  Google Scholar 

  38. Jiang, Q., Ma, J., Li, G., & Yang, L. (2014). An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wireless Personal Communications, 77(2), 1489–1506.

  39. He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.

    Article  Google Scholar 

  40. ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. In Advances in cryptology (pp. 10–18). Berlin: Springer.

  41. Rivest, R. (1992). Rfc 1321: The md5 message-digest algorithm. Technical report RFC 1321, IETFl.

  42. Secure Hash Standard. Technical report fips pub 180-1. US Department of Commerce/National Institute of Standards and Technology, 1995.

  43. Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.

    Article  MATH  MathSciNet  Google Scholar 

  44. Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.

    Article  MATH  MathSciNet  Google Scholar 

  45. Jing, X., Zhu, W.-T., & Feng, D.-G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 31(4), 723–728.

    Article  Google Scholar 

  46. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology (CRYPTO99) (pp. 388–397). Berlin: Springer

  47. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  48. Wang, D., Ma, C., & Wu, P. (2012). Secure password-based remote user authentication scheme with non-tamper resistant smart cards. In Data and applications security and privacy XXVI (pp. 114–121). Berlin: Springer

  49. Sood, S. K. (2011). Secure dynamic identity-based authentication scheme using smart cards. Information Security Journal: A Global Perspective, 20(2), 67–77.

    Google Scholar 

  50. Tapiador, J. E., Hernandez-Castro, J. C., Peris-Lopez, P., & Clark, J. A. (2011). Cryptanalysis of song’s advanced smart card based password authentication protocol. arXiv preprint arXiv:1111.2744

  51. Shim, K.-A. (2012). Security flaws in three password-based remote user authentication schemes with smart cards. Cryptologia, 36(1), 62–69.

    Article  MathSciNet  Google Scholar 

  52. He, D., & Shuhua, W. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.

    Article  Google Scholar 

  53. Wang, D., Ma, C., Gu, D., & Cui, Z. (2012). Cryptanalysis of two dynamic id-based remote user authentication schemes for multi-server architecture. In Network and system security (pp. 462–475). Berlin: Springer.

  54. Ma, C., Wang, D., & Zhao, S.-D. (2014). Security flaws in two improved remote user authentication schemes using smart cards. International Journal of Communication Systems, 27(10), 2215–2227.

  55. Wang, D., & Wang, P. (2014). Offline dictionary attack on password authentication schemes using smart cards. IACR Cryptology ePrint Archive, 2014, 208.

    Google Scholar 

  56. Wang, D., & Wang, P. (2014). On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions. Computer Networks, 73(14), 41–57.

  57. Karuppiah, M., & Saravanan, R. (2014). A secure remote user mutual authentication scheme using smart cards. International Journal of Security and Its Applications, 19(4–5), 282–294.

    Article  Google Scholar 

  58. Kasper, T., Oswald, D., & Paar, C. (2012). Side-channel analysis of cryptographic rfids with analog demodulation. In RFID security and privacy (pp. 61–77). Berlin: Springer.

  59. Scott, M., Costigan, N., & Abdulwahab, W. (2006). Implementing cryptographic pairings on smartcards. In Cryptographic hardware and embedded systems (CHES 2006) (pp. 134–147). Berlin: Springer.

Download references

Acknowledgments

We would like to thank the anonymous reviewers for their positive suggestions and comments that highly improve the readability and completeness of the paper. Also we would like to acknowledge the management of VIT University for providing the wonderful support to do the research work.

Author information

Authors and Affiliations

  1. School of Computing Science and Engineering, VIT University, Vellore, 632014, India

    Marimuthu Karuppiah

  2. School of Information Technology and Engineering, VIT University, Vellore, 632014, India

    R. Saravanan

Authors
  1. Marimuthu Karuppiah
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. R. Saravanan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marimuthu Karuppiah.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Karuppiah, M., Saravanan, R. A Secure Authentication Scheme with User Anonymity for Roaming Service in Global Mobility Networks. Wireless Pers Commun 84, 2055–2078 (2015). https://doi.org/10.1007/s11277-015-2524-x

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-2524-x

Keywords

Search

Navigation