Abstract
Up till now, numerous authentication and key agreement schemes have been proposed for ubiquitous networks. Recently, Arshad and Rasoolzadegan also proposed an authentication and key agreement scheme for ubiquitous network with user anonymity. However, we determined that Arshad and Rasoolzadegan’s scheme has the following flaws: (1) the login phase is inefficient, which may lead to server resource exhaustion attacks; (2) the password change phase is inefficient and not user-friendly; and (3) the revocation phase arisen when the mobile device is lost and the re-register phase is absent. Therefore, we propose an improved scheme that successfully removes all of the previous mentioned flaws existing in Arshad and Rasoolzadegan’s protocol by using the biometric based authentication. Formal analysis of the proposed scheme is conducted using the random oracle model, and heuristic analysis is also conducted to demonstrate that the proposed scheme fulfills all of the security requirements. In addition, the proposed scheme is validated by the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, computational and communication cost comparisons indicate that our improved scheme is more suitable for ubiquitous networks.
Similar content being viewed by others
References
Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: Vaudenay S (ed) Public key cryptography - PKC 2005. PKC 2005. Lecture Notes in Computer Science. Springer, Berlin, p 3386
Arshad H, Rasoolzadegan A (2017) A secure authentication and key agreement scheme for roaming service with user anonymity. Int J Commun Syst 30(18):e3361
Alzahrani BA, Chaudhry SA, Barnawi A, Al-Barakati A, Alsharif MH (2020) A privacy preserving authentication scheme for roaming in IoT-based wireless mobile networks. Symmetry 2020:287–305
AVISPA (2021) Automated validation of internet security protocols and applications. Available online: http://www.avispa-project.org/http://www.avispa-project.org/
Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36
Bellovin SM, Merritt M (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings 1992 IEEE computer society symposium on research in security and privacy, Oakland, CA, USA, pp 72–84
Boyko V, MacKenzie P, Patel S (2000) Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel B (ed) Advances in cryptology — EUROCRYPT 2000. Lecture Notes in Computer Science. Springer, Berlin, p 1807
Chen C, He D, Chan S, Bu J, Gao Y, Fan R (2011) Lightweight and provably secure user authentication with anonymity for the global mobility network. Int J Commun Syst 24(3):347–362
Chaudhry SA, Albeshri A, Xiong N, Lee C, Shon T (2017) A privacy preserving authentication scheme for roaming in ubiquitous networks. Clust Comput 20(2):1223–1236
Dolev D, Yao AC (2006) On the security of public key protocols. IEEE Trans Inf Theory 29 (2):198–208
Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MTM (2008) On the power of power analysis in the real world: a complete break of the keeloq code hopping scheme. In: Wagner D (ed) Advances in cryptology - CRYPTO 2008. Lecture notes in computer science. Springer, Berlin, p 5157
Farash MS, Chaudhry SA, Heydari M, Sadough S, Kumari S, Khan MK (2015) A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst 30(4):e3019
Gope P, Hwang T (2015) Enhanced secure mutual authentication and key agreement scheme preserving user anonymity in global mobile networks. Wirel Pers Commun 82(4):2231–2245
Hankerson D, Menezes AJ, Vanstone S (2004) Guide to elliptic curve cryptography. Springer, Berlin
He D, Chan S, Chen C, Bu J, Fan R (2011) Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wirel Pers Commun 61(2):465–476
He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823
Lee H, Lee D, Moon J, Jung J, Kang D, Kim H (2018) An improved anonymous authentication scheme for roaming in ubiquitous networks. PLoS One 13(3):e0193366
Ignatenko T, Willems FMJ (2009) Biometric systems: privacy and secrecy aspects. IEEE Trans Inf Forensics Secur 4(4):956–973
Jiang Q, Ma J, Li G, Yang L (2013) An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wirel Pers Commun 68(4):1477–1491
Jung J, Kang D, Lee D, Won D (2017) An improved and secure anonymous biometric-based user authentication with key agreement scheme for the integrated EPR information system. PLos One 12 (1):e0169414
Karuppiah M, Kumari S, Das AK, Li X, Wu F, Basu S (2016) A secure lightweight authentication scheme with user anonymity for roaming service in ubiquitous networks. Secur Commun Netw 9(17):4192–4209
Kumari S, Khan MK, Li X, Wu F (2016) Design of a user anonymous password authentication scheme without smart card. Int J Commun Syst 29(3):441–458
Kumari S, Li X, Wu F, Das AK, Odelu V, Khan MK (2016) A user anonymous mutual authentication protocol. KSII Trans Internet Inf Syst 10(9):4508–4528
Lee CC, Hwang MS, Liao IE (2006) Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Trans Ind Electron 53(5):1683–1687
Lee TF (2015) Provably secure anonymous single-sign-on authentication mechanisms using extended chebyshev chaotic maps for distributed computer networks. IEEE Syst J 12(2):1499–1505
Lu Y, Xu G, Li L, Yang Y (2019) Robust privacy-preserving mutual authenticated key agreement scheme in roaming service for global mobility networks. IEEE Syst J 13(2):1454–1465
Mun H, Han K, Lee YS, Yeun CY, Choi HH (2012) Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Math Comput Model 55(1-2):214– 222
Oheimb VD (2005) The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of the 3rd APPSEM II (Applied Semantics II) Workshop (APPSEM’05), Germany
Odelu V, Das AK, Kumari S, Huang X, Wazid M (2017) Provably secure authenticated key agreement scheme for distributed mobile cloud computing services. Futur Gener Comput Syst 68: 74–88
Reddy AG, Das AK, Odelu V, Yoo KY (2016) An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography. PLos One 11(5):e0154308
Kumari S, Khan MK, Atiquzzaman M (2015) User authentication schemes for wireless sensor networks: a review. Ad Hoc Netw 27:159–194
Khatoon S, Singh Thakur B (2020) Cryptanalysis and improvement of authentication scheme for roaming service in ubiquitous network. Cryptologia 44(4):315–340
Ostad-Sharif A, Babamohammadi A, Abbasinezhad-Mood D, Nikooghadam M (2019) Efficient privacy-preserving authentication scheme for roaming consumer in global mobility networks. Int J Commun Syst 32(5):e3904
Wu CC, Lee WB, Tsaur WJ (2008) A secure authentication scheme with anonymity for wireless communications. IEEE Commun Lett 12(10):722–723
Wen F, Susilo W, Yang G (2013) A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wirel Pers Commun 73(3):993–1004
Wang D, He D, Wang P, Chu CH (2015) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Depend Secur Comput 12(4):428–442
Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Secur Commun Netw 9(13):1983–2001
Wang D, Wang P (2018) Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans Depend Secur Comput 15(4):708–722
Wu F, Xu L, Kumari S, Li X, Khan MK, Das AK (2017) An enhanced mutual authentication and key agreement scheme for mobile user roaming service in global mobility networks. Ann Telecommun 72(3-4):131–144
Wang C, Xu G (2017) Cryptanalysis of three password-based remote user authentication schemes with non-tamper-resistant smart card. Secur Commun Netw 2017:e1619741
Wang C, Wang D, Xu G, Guo Y (2017) A lightweight password-based authentication protocol using smart card. Int J Commun Syst 30(16):e3336
Xie Q, Hu B, Tan X, Bao B, Yu X (2014) Robust anonymous two-factor authentication scheme for roaming service in global mobility network. Wirel Pers Commun 74(2):601–614
Xie Q, Hu B, Tan X, Wong DS (2017) Chaotic maps-based strong anonymous authentication scheme for roaming services in global mobility networks. Wirel Pers Commun 96(4):5881–5896
Xu L, Wu F (2015) Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst 39(10)
Zhao D, Peng H, Li L, Yang Y (2014) A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wirel Pers Commun 78(1):247–269
Jiang Q, Zeadally S, Ma J, He D (2017) Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5:3376–3392
Zhu J, Ma J (2004) A new authentication scheme with anonymity for wireless environments. IEEE Trans Consum Electron 50(1): 231–235
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209
Miller VS (1986) Use of elliptic curves in cryptography. In: Williams HC (ed) Advances in Cryptology — CRYPTO ’85 Proceedings. CRYPTO 1985, Lecture Notes in Computer Science, 218, Springer, pp 417–426
Blake I, Seroussi G, Smart N (1999) Elliptic curves in cryptography (London mathematical society lecture note series). Cambridge University Press, Cambridge
Funding
This work is supported by the Department of Science and Technology (DST), Government of India under Women Scientist Scheme A (WOS-A) under Grant No. SR/WOS-A/PM-10/2018.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Khatoon, S., Chen, TY. & Lee, CC. An improved user authentication and key agreement scheme for roaming service in ubiquitous network. Ann. Telecommun. 77, 621–640 (2022). https://doi.org/10.1007/s12243-021-00895-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12243-021-00895-3