Abstract
Global mobility network (GLOMONET) provides global roaming service to ensure ubiquitous connectivity for users traveling from one network to another. It is very crucial not only to authenticate roaming users, but to protect the privacy of users. However, due to the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is challenging. Recently, He et al. proposed a secure and lightweight user authentication scheme with anonymity for roaming service in GLOMONETs. However, in this paper, we identify that the scheme fails to achieve strong two-factor security, and suffers from domino effect, privileged insider attack and no password change option, etc. Then we propose an enhanced authentication scheme with privacy preservation based on quadratic residue assumption. Our improved scheme enhances security strength of He et al.’s protocol while inheriting its merits of low communication and computation cost. Specifically, our enhanced scheme achieves two-factor security and user untraceability.
Similar content being viewed by others
References
Samfat, D., Molva, R., & Asokan, N. (1995). Untraceability in mobile networks. In Proceedings of ACM Mobicom’95 (pp. 26–36).
Boyd C., Mathuria A. (2000) Key establishment protocols for secure mobile communications: A critical survey. Computer Communications 23(5–6): 575–587
Jiang Y., Lin C., Shen X. (2006) Mutual authentication and key exchange protocols for roaming services in wireless mobile networks. IEEE Transactions on Wireless Communications 5(9): 2569–2577
Lee T., Chang C., Hwang T. (2005) Private authentication techniques for the global mobility network. Wireless Personal Communications 35(4): 329–336
Fatemi M., Salimi S., Salahi A. (2010) Anonymous roaming in universal mobile telecommunication system mobile networks. IET Information Security 4(2): 93–103
Zhu J., Ma J. (2004) A new authentication scheme with anonymity for wireless environments. IEEE Transaction on Consumer Electronics 50(1): 230–234
Lee C., Hwang M., Liao I. (2006) Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transaction on Industrial Electronics 53(5): 1683–1687
Wu C., Lee W., Tsaur W. J. (2008) A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters 12(10): 722–723
Zeng P., Cao Z., Choo K-K. R., Wang S. (2009) On the anonymity of some authentication schemes for wireless communications. IEEE Communications Letters 13(3): 170–171
Lee J., Chang J., Lee D. (2009) Security flaw of authentication scheme with anonymity for wireless communications. IEEE Communications Letters 13(5): 292–293
Wang R., Juang W., Lei C. (2009) A robust authentication scheme with user anonymity for wireless environments. International Journal of Innovative Computing, Information and Control 5(4): 1069–1080
He, D., Ma, M., Zhang, Y., & Chen, C. (2010). A strong user authentication scheme with smart cards for wireless communications. Computer Communications. doi:10.1016/j.comcom.201001.031.
Chang C., Lee C., Chiu Y. C. (2009) Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications 32(4): 611–618
Youn T., Park Y., Lim J. (2009) Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks. IEEE Communications Letters 13(7): 471–473
He, D., Chan, S., Chen, C., & Bu, J. (2010). Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications. doi:10.1007/s11277-010-0033-5.
Kocher, P. C., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of 19th international advances in cryptology conference CRYPTO, Santa Barbara, CA, USA (pp. 388–397).
Messerges T. S., Dabbish E. A., Sloan R. H. (2002) Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5): 541–552
Yang G., Wong D., Wang H., Deng X. (2008) Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences 74(7): 1160–1172
Wang R., Juang W., Lei C. (2009) User authentication scheme with privacy-preservation for multi-server environment. IEEE Communications Letters 13(2): 157–159
Juang W., Chen S., Liaw H. (2008) Robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics 55(6): 2551–2556
Rosen K. (1988) Elementary number theory and its applications. Addison-Wesley, Reading, MA
Wang, R., Juang, W., & Lei, C. (2010). Robust authentication and key agreement scheme preserving the privacy of secret key. Computer Communications. doi:10.1016/j.comcom.2010.04.005.
Yang G., Wong D., Deng X. (2007) Anonymous and authenticated key exchange for roaming networks. IEEE Transactions on Wireless Communications 6(9): 1035–1042
Liao Y., Wang S. (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(1): 24–29
Wu, S., Zhu, Y., & Pu, Q. (2011). Robust smart-cards-based user authentication scheme with user anonymity. Security and Communication Networks. doi:10.1002/sec.315.
Chen Y., Chou J., Sun H. (2008) A novel mutual-authentication scheme based on quadratic residues for RFID systems. Computer Networks 52(12): 2373–2380
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jiang, Q., Ma, J., Li, G. et al. An Enhanced Authentication Scheme with Privacy Preservation for Roaming Service in Global Mobility Networks. Wireless Pers Commun 68, 1477–1491 (2013). https://doi.org/10.1007/s11277-012-0535-4
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-012-0535-4