Skip to main content
SpringerLink
Log in

An improved user authentication and key agreement scheme for roaming service in ubiquitous network

  • Published:
Annals of Telecommunications Aims and scope Submit manuscript

Abstract

Up till now, numerous authentication and key agreement schemes have been proposed for ubiquitous networks. Recently, Arshad and Rasoolzadegan also proposed an authentication and key agreement scheme for ubiquitous network with user anonymity. However, we determined that Arshad and Rasoolzadegan’s scheme has the following flaws: (1) the login phase is inefficient, which may lead to server resource exhaustion attacks; (2) the password change phase is inefficient and not user-friendly; and (3) the revocation phase arisen when the mobile device is lost and the re-register phase is absent. Therefore, we propose an improved scheme that successfully removes all of the previous mentioned flaws existing in Arshad and Rasoolzadegan’s protocol by using the biometric based authentication. Formal analysis of the proposed scheme is conducted using the random oracle model, and heuristic analysis is also conducted to demonstrate that the proposed scheme fulfills all of the security requirements. In addition, the proposed scheme is validated by the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, computational and communication cost comparisons indicate that our improved scheme is more suitable for ubiquitous networks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: Vaudenay S (ed) Public key cryptography - PKC 2005. PKC 2005. Lecture Notes in Computer Science. Springer, Berlin, p 3386

  2. Arshad H, Rasoolzadegan A (2017) A secure authentication and key agreement scheme for roaming service with user anonymity. Int J Commun Syst 30(18):e3361

    Article  Google Scholar 

  3. Alzahrani BA, Chaudhry SA, Barnawi A, Al-Barakati A, Alsharif MH (2020) A privacy preserving authentication scheme for roaming in IoT-based wireless mobile networks. Symmetry 2020:287–305

    Article  Google Scholar 

  4. AVISPA (2021) Automated validation of internet security protocols and applications. Available online: http://www.avispa-project.org/http://www.avispa-project.org/

  5. Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36

    Article  MATH  Google Scholar 

  6. Bellovin SM, Merritt M (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings 1992 IEEE computer society symposium on research in security and privacy, Oakland, CA, USA, pp 72–84

  7. Boyko V, MacKenzie P, Patel S (2000) Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel B (ed) Advances in cryptology — EUROCRYPT 2000. Lecture Notes in Computer Science. Springer, Berlin, p 1807

  8. Chen C, He D, Chan S, Bu J, Gao Y, Fan R (2011) Lightweight and provably secure user authentication with anonymity for the global mobility network. Int J Commun Syst 24(3):347–362

    Article  Google Scholar 

  9. Chaudhry SA, Albeshri A, Xiong N, Lee C, Shon T (2017) A privacy preserving authentication scheme for roaming in ubiquitous networks. Clust Comput 20(2):1223–1236

    Article  Google Scholar 

  10. Dolev D, Yao AC (2006) On the security of public key protocols. IEEE Trans Inf Theory 29 (2):198–208

    Article  MathSciNet  MATH  Google Scholar 

  11. Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MTM (2008) On the power of power analysis in the real world: a complete break of the keeloq code hopping scheme. In: Wagner D (ed) Advances in cryptology - CRYPTO 2008. Lecture notes in computer science. Springer, Berlin, p 5157

  12. Farash MS, Chaudhry SA, Heydari M, Sadough S, Kumari S, Khan MK (2015) A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst 30(4):e3019

    Article  Google Scholar 

  13. Gope P, Hwang T (2015) Enhanced secure mutual authentication and key agreement scheme preserving user anonymity in global mobile networks. Wirel Pers Commun 82(4):2231–2245

    Article  Google Scholar 

  14. Hankerson D, Menezes AJ, Vanstone S (2004) Guide to elliptic curve cryptography. Springer, Berlin

    MATH  Google Scholar 

  15. He D, Chan S, Chen C, Bu J, Fan R (2011) Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wirel Pers Commun 61(2):465–476

    Article  Google Scholar 

  16. He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823

    Article  Google Scholar 

  17. Lee H, Lee D, Moon J, Jung J, Kang D, Kim H (2018) An improved anonymous authentication scheme for roaming in ubiquitous networks. PLoS One 13(3):e0193366

    Article  Google Scholar 

  18. Ignatenko T, Willems FMJ (2009) Biometric systems: privacy and secrecy aspects. IEEE Trans Inf Forensics Secur 4(4):956–973

    Article  Google Scholar 

  19. Jiang Q, Ma J, Li G, Yang L (2013) An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wirel Pers Commun 68(4):1477–1491

    Article  Google Scholar 

  20. Jung J, Kang D, Lee D, Won D (2017) An improved and secure anonymous biometric-based user authentication with key agreement scheme for the integrated EPR information system. PLos One 12 (1):e0169414

    Article  Google Scholar 

  21. Karuppiah M, Kumari S, Das AK, Li X, Wu F, Basu S (2016) A secure lightweight authentication scheme with user anonymity for roaming service in ubiquitous networks. Secur Commun Netw 9(17):4192–4209

    Article  Google Scholar 

  22. Kumari S, Khan MK, Li X, Wu F (2016) Design of a user anonymous password authentication scheme without smart card. Int J Commun Syst 29(3):441–458

    Article  Google Scholar 

  23. Kumari S, Li X, Wu F, Das AK, Odelu V, Khan MK (2016) A user anonymous mutual authentication protocol. KSII Trans Internet Inf Syst 10(9):4508–4528

    Google Scholar 

  24. Lee CC, Hwang MS, Liao IE (2006) Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Trans Ind Electron 53(5):1683–1687

    Article  Google Scholar 

  25. Lee TF (2015) Provably secure anonymous single-sign-on authentication mechanisms using extended chebyshev chaotic maps for distributed computer networks. IEEE Syst J 12(2):1499–1505

    Article  Google Scholar 

  26. Lu Y, Xu G, Li L, Yang Y (2019) Robust privacy-preserving mutual authenticated key agreement scheme in roaming service for global mobility networks. IEEE Syst J 13(2):1454–1465

    Article  Google Scholar 

  27. Mun H, Han K, Lee YS, Yeun CY, Choi HH (2012) Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Math Comput Model 55(1-2):214– 222

    Article  MathSciNet  MATH  Google Scholar 

  28. Oheimb VD (2005) The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of the 3rd APPSEM II (Applied Semantics II) Workshop (APPSEM’05), Germany

  29. Odelu V, Das AK, Kumari S, Huang X, Wazid M (2017) Provably secure authenticated key agreement scheme for distributed mobile cloud computing services. Futur Gener Comput Syst 68: 74–88

    Article  Google Scholar 

  30. Reddy AG, Das AK, Odelu V, Yoo KY (2016) An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography. PLos One 11(5):e0154308

    Article  Google Scholar 

  31. Kumari S, Khan MK, Atiquzzaman M (2015) User authentication schemes for wireless sensor networks: a review. Ad Hoc Netw 27:159–194

    Article  Google Scholar 

  32. Khatoon S, Singh Thakur B (2020) Cryptanalysis and improvement of authentication scheme for roaming service in ubiquitous network. Cryptologia 44(4):315–340

    Article  Google Scholar 

  33. Ostad-Sharif A, Babamohammadi A, Abbasinezhad-Mood D, Nikooghadam M (2019) Efficient privacy-preserving authentication scheme for roaming consumer in global mobility networks. Int J Commun Syst 32(5):e3904

    Article  Google Scholar 

  34. Wu CC, Lee WB, Tsaur WJ (2008) A secure authentication scheme with anonymity for wireless communications. IEEE Commun Lett 12(10):722–723

    Article  Google Scholar 

  35. Wen F, Susilo W, Yang G (2013) A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wirel Pers Commun 73(3):993–1004

    Article  Google Scholar 

  36. Wang D, He D, Wang P, Chu CH (2015) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Depend Secur Comput 12(4):428–442

    Article  Google Scholar 

  37. Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Secur Commun Netw 9(13):1983–2001

    Google Scholar 

  38. Wang D, Wang P (2018) Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans Depend Secur Comput 15(4):708–722

    Google Scholar 

  39. Wu F, Xu L, Kumari S, Li X, Khan MK, Das AK (2017) An enhanced mutual authentication and key agreement scheme for mobile user roaming service in global mobility networks. Ann Telecommun 72(3-4):131–144

    Article  Google Scholar 

  40. Wang C, Xu G (2017) Cryptanalysis of three password-based remote user authentication schemes with non-tamper-resistant smart card. Secur Commun Netw 2017:e1619741

    Article  Google Scholar 

  41. Wang C, Wang D, Xu G, Guo Y (2017) A lightweight password-based authentication protocol using smart card. Int J Commun Syst 30(16):e3336

    Article  Google Scholar 

  42. Xie Q, Hu B, Tan X, Bao B, Yu X (2014) Robust anonymous two-factor authentication scheme for roaming service in global mobility network. Wirel Pers Commun 74(2):601–614

    Article  Google Scholar 

  43. Xie Q, Hu B, Tan X, Wong DS (2017) Chaotic maps-based strong anonymous authentication scheme for roaming services in global mobility networks. Wirel Pers Commun 96(4):5881–5896

    Article  Google Scholar 

  44. Xu L, Wu F (2015) Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst 39(10)

  45. Zhao D, Peng H, Li L, Yang Y (2014) A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wirel Pers Commun 78(1):247–269

    Article  Google Scholar 

  46. Jiang Q, Zeadally S, Ma J, He D (2017) Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5:3376–3392

    Article  Google Scholar 

  47. Zhu J, Ma J (2004) A new authentication scheme with anonymity for wireless environments. IEEE Trans Consum Electron 50(1): 231–235

    Article  Google Scholar 

  48. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209

    Article  MathSciNet  MATH  Google Scholar 

  49. Miller VS (1986) Use of elliptic curves in cryptography. In: Williams HC (ed) Advances in Cryptology — CRYPTO ’85 Proceedings. CRYPTO 1985, Lecture Notes in Computer Science, 218, Springer, pp 417–426

  50. Blake I, Seroussi G, Smart N (1999) Elliptic curves in cryptography (London mathematical society lecture note series). Cambridge University Press, Cambridge

    Book  Google Scholar 

Download references

Funding

This work is supported by the Department of Science and Technology (DST), Government of India under Women Scientist Scheme A (WOS-A) under Grant No. SR/WOS-A/PM-10/2018.

Author information

Authors and Affiliations

  1. School of Studies in Mathematics, Pt.Ravishankar Shukla University, Raipur, 492010 (C.G.), India

    Shaheena Khatoon

  2. Center of General Education, National Tainan Junior College of Nursing, Tainan, Taiwan

    Te-Yu Chen

  3. Department of Library and Information Science, Research and Development Center for Physical Education, Health, and Information Technology, Fu Jen Catholic University, New Taipei City, 24205, Taiwan

    Cheng-Chi Lee

  4. Department of Computer Science and Information Engineering, Asia University, Wufeng Shiang, Taichung, 41354, Taiwan

    Cheng-Chi Lee

Authors
  1. Shaheena Khatoon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Te-Yu Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Cheng-Chi Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Cheng-Chi Lee.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Khatoon, S., Chen, TY. & Lee, CC. An improved user authentication and key agreement scheme for roaming service in ubiquitous network. Ann. Telecommun. 77, 621–640 (2022). https://doi.org/10.1007/s12243-021-00895-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12243-021-00895-3

Keywords

Search

Navigation