Yixin Jiang,Chuang Lin,Xuemin (Sherman) Shen,Minghui Shi

DOI: https://doi.org/10.1109/twc.2006.05063

IF: 10.4

2006-01-01

IEEE Transactions on Wireless Communications

Abstract:Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved

Yixin Jiang,Chuang Lin,Xuemin Shen,Minghui Shi

DOI: https://doi.org/10.1007/11422778_10

2005-01-01

Abstract:Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network (GLOMONET). The proposed protocols have new features, such as identity anonymity and one-time session key progression. Identity anonymity protects mobile users' privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It is shown that the computation complexity of the proposed protocols is similar to the existing one appeared in the literature, while the security has been significantly enhanced.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1109/TWC.2007.06020042

IF: 10.4

2007-01-01

IEEE Transactions on Wireless Communications

Abstract:User privacy is a notable security issue in wireless communications. It concerns about user identities from being exposed and user movements and whereabouts from being tracked. The concern of user privacy is particularly signified in systems which support roaming when users are able to hop across networks administered by different operators. In this paper, we propose a novel construction approach of anonymous and authenticated key exchange protocols for a roaming user and a visiting server to establish a random session key in such a way that the visiting server authenticates the user's home server without knowing exactly who the user is. A network eavesdropper cannot find out the user's identity either (user anonymity). In addition, visited servers cannot track the roaming user's movements and whereabouts even they collude with each other (user untraceability). Our construction approach is generic and built upon provably secure two-party key establishment protocols. Merits of our generic protocol construction include eliminating alias synchronization between the user and the home server, supporting joint key control, and not relying on any special security assumptions on the communication channel between the visiting server and the user's home server. Our protocol can also be implemented efficiently. By piggybacking some message flows, the number of message flows between the roaming user and the visiting server is only three. As of independent interest, we describe a new practical attack called deposit-case attack and show that some previously proposed protocols are vulnerable to this attack.

Chang-Shiun Liu,Li Xu,Limei Lin,Min-Chi Tseng,Shih-Ya Lin,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-46298-1_4

2016-01-01

Abstract:Most of the mutual authentication protocols with user anonymity proposed for providing secure roaming service through wireless communications are based on smart cards and have to establish public key cryptosystems in advance. To solve this, Guo et al. firstly proposed an efficient mutual authentication protocol with user anonymity using smart card for wireless communications. Unfortunately, we will demonstrate their scheme requires high modular exponential operations for security issues, and does not allow users to change passwords freely. Based on modular square root, we propose an efficient remote user authentication protocol with smart cards for wireless communications. Compared with others, our protocol is more suitable for mobile devices and smart-card users.

Guomin Yang,Qiong Huang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1109/twc.2010.01.081219

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:A secure roaming protocol allows a roaming user.. to visit a foreign server.. and establish a session key in an authenticated way such that.. authenticates.. and at the same time convinces.. that it is a legitimate subscriber of some server H, called the home server of U. The conventional approach requires the involvement of all the three parties. In this paper, we propose a new approach which requires only two parties, U and V, to get involved. We propose two protocols: one provides better efficiency and supports user anonymity to an extent comparable to that provided by current mobile systems; and the other one achieves Strong User Anonymity that protects U's identity against both eavesdroppers and foreign servers and is currently the strongest notion of user anonymity defined for secure roaming. Both protocols are universal in the sense that the same protocol and signaling flows are used regardless of the domain ( home or foreign) that.. is visiting. This helps reducing the system complexity in practice. We also propose a practical user revocation mechanism, which is one of the most challenging problems for two-party roaming supporting Strong User Anonymity. Our solutions can be applied in various kinds of roaming networks such as Cellular Networks and interconnected Wireless Local Area Networks.

Yao Cheng,Li Yue,Naixia Duan,Chenglong Li

DOI: https://doi.org/10.1155/2022/5426288

2022-03-09

Wireless Communications and Mobile Computing

Abstract:An anonymous roaming scheme of mobile Internet was discussed in this paper aiming to improve the traditional authentication protocol that cannot satisfy the demand of user’s identity authentication when the mobile terminal is roaming in mobile Internet. The authentication server of remote network will complete the identity legitimacy verification of mobile terminal with the help of the home network authentication server. A temporary identity is used to prevent user’s anonymity protection from being tracked and eavesdropped, as well as other attacks, which can improve the confidential of user’s identity and location considerably. This anonymous roaming scheme can achieve a high-level of safety efficiently. This will also satisfy the development of the network technology.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Ashok Kumar Das,Muhammad Khurram Khan,Marimuthu Karuppiah,Renuka Baliyan

DOI: https://doi.org/10.1002/sec.1558

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ubiquitous networks support the roaming service for mobile communication devices. The mobile user can use the services in the foreign network with the help of the home network. Mutual authentication plays an important role in the roaming services, and researchers put their interests on the authentication schemes. Recently, in 2016, Gope and Hwang found that mutual authentication scheme of He et al. for global mobility networks had security disadvantages such as vulnerability to forgery attacks, unfair key agreement, and destitution of user anonymity. Then, they presented an improved scheme. However, we find that the scheme cannot resist the off-line guessing attack and the de-synchronization attack. Also, it lacks strong forward security. Moreover, the session key is known to HA in that scheme. To get over the weaknesses, we propose a new two-factor authentication scheme for global mobility networks. We use formal proof with random oracle model, formal verification with the tool Proverif, and informal analysis to demonstrate the security of the proposed scheme. Compared with some very recent schemes, our scheme is more applicable. Copyright © 2016 John Wiley & Sons, Ltd.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Muhammad Khurram Khan,Ashok Kumar Das

DOI: https://doi.org/10.1007/s12243-016-0547-2

2016-01-01

Annals of Telecommunications

Abstract:Roaming service is required in the ubiquitous access used in the global mobility networks (GLOMONETs) and the security is one of the most important issues. Many researchers focus their interests on authentication schemes for GLOMONETs. In 2015, Gope and Hwang, Zhang et al. and Farash et al. proposed their key agreement authentication schemes for GLOMONETs, respectively. However, we find weaknesses in them. Gope and Hwang’s scheme is under the off-line guessing attack and the de-synchronization attack. Moreover, it does not keep strong forward security and the session key is known by the home agent. Zhang et al.’s scheme has several weaknesses including vulnerability to the off-line guessing attack, destitution of password change phase, and the leakage of updated session key. Farash et al.’s scheme lacks user anonymity and strong forward secrecy and is vulnerable to the off-line password guessing attack. The session key is known to the home agent, too. Furthermore, neither Gope and Hwang’s scheme nor Farash et al.’s scheme has the session key update phase. To eliminate the problems, we present an improved authentication and key agreement scheme for GLOMONETs. According to the formal proof and the informal analysis, our scheme is well-performed and applicable.

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.3217/jucs-014-03-0441

2008-01-01

Abstract:In a secure roaming scenario, a user U travels to a foreign network and communicates with a foreign server V securely so that no one other than U and V can obtain the messages exchanged between them. U may also want to travel anonymously so that no one including V can find out its identity or trace its whereabouts except its home server H. There have been many key establishment protocols proposed for secure roaming. A typical application of these protocols is the mobile roaming service which may be deployed to interconnected WLAN and 3G networks. Despite the importance of these protocols, most of the protocols are analyzed heuristically. They are lack of formal security treatment. In this paper, we propose a formal key exchange definition and formalize secure roaming under the Canetti-Krawczyk (CK) model. We also propose a formal model for capturing the notions of user anonymity and untraceability. By using the modular approach supported by the CK-model, we construct an efficient key exchange protocol for roaming and then extend it to support user anonymity and untraceability. The protocols are efficient and each of them requires only four message flows among the three parties U, H and V. For building our protocols, we construct a one-pass counter based MT-authenticator and show its security under the assumption of a conventional MAC secure against chosen message attack.

Deng Fangmin,Xu Chunxiang,Wang Yongping

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.13.043

2006-01-01

Abstract:The key technology of mobile value-added services is to design protocols,which can meet the poor computing power as well as being security.This paper proposes an Advanced-RPC protocol by adding hash function with key to the Lowe modified BAN concrete Andrew Secure RPC.The new protocol mends some undesirable properties in the old one,enhances forward security,and improves the running efficiency.Possessing of both secure and efficient properties makes the proposed protocol suitable for the low power wireless communications.

Daojing He,Sammy Chan,Chun Chen,Jiajun Bu,Rong Fan

DOI: https://doi.org/10.1007/s11277-010-0033-5

IF: 2.017

2010-01-01

Wireless Personal Communications

Abstract:Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.

Yuan Wang,Duncan S. Wong,Liusheng Huang

DOI: https://doi.org/10.1109/wcins.2010.5541836

2010-01-01

Abstract:In recent years, privacy protection for a roaming user has become an increasingly demanding requirement for wireless communications. A secure wireless roaming protocol should not only establish a secure session key between a roaming user and a foreign server, but also provide privacy protection so to keep user identity from being exposed (user anonymity) and user movement from being tracked (user untraceability). In this paper, we propose the first one-pass anonymous key establishment protocol for wireless roaming which requires only the roaming user and the foreign server to get involved. No eavesdropper can get the user's real identity after the first temporary ID for the user is established. In each new session, this temporary ID is updated so that eavesdroppers cannot associate those temporary IDs to any particular user, nor telling if two roaming sessions are corresponding to the same user or not. While most of the existing anonymous roaming protocols require at least three message flows, our protocol requires only one and can still provide implicit authentication.

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1007/11496137_23

2005-01-01

Abstract:The Canetti-Krawczyk (CK) model uses resuable modular components to construct indistinguishability-based key exchange protocols. The reusability of modular protocol components makes it easier to construct and prove new protocols when compared with other provably secure approaches. In this paper, we build an efficient anonymous and authenticated key exchange protocol for roaming by using the modular approach under the CK-model. Our protocol requires only four message flows and uses only standard cryptographic primitives. We also propose a one-pass counter based MT-authenticator and show its security under the assumption that there exists a MAC which is secure against chosen message attack.

XU Chuan,LIU Yuan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.08.004

2011-01-01

Abstract:Based on a combination of elliptic curve cryptography Combined Public Key(CPK) technology and using self-certification approach identifies,the paper proposes a new authentication protocol,which applies to Wireless Mesh Networks(WMNs) roaming scenarios and supports large scale application.Analysis results show that this protocol completes mutual authentication and establishes a shared key with fewer interact times,and it proves Universally Composable security(UC).

Yijun He,Nan Xu,Jie Li

DOI: https://doi.org/10.1109/ARES.2007.23

2007-01-01

Abstract:We propose an efficient and secure mutual authentication and key exchange protocol suitable for applications using low-power mobile communications. It maintains the required level of security and has the property of perfect forward secrecy which is not possessed by other protocols such as ES-MAKEP, L-MAKEP, and I-MAKEP. Moreover, the paper also provides a formal proof to guarantee the security of the proposed protocol. Further, we apply the proposed authentication and key exchange solution to WTLS to obtain a more secure protocol

Marimuthu Karuppiah,Saru Kumari,Ashok Kumar Das,Xiong Li,Fan Wu,Sayantani Basu

DOI: https://doi.org/10.1002/sec.1598

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ubiquitous networks provide effective roaming services for mobile users (MUs). Through the worldwide roaming technology, authorized MUs can avail ubiquitous network services. Important security issues to be considered in ubiquitous networks are authentication of roaming MUs and protection of privacy of MUs. However, because of the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is a challenging task. Very recently, Farash et al. proposed an authentication scheme with anonymity for consumer roaming in ubiquitous networks and claimed their scheme achieves all security requirements. In this paper, we show that the scheme of Farash et al. fails to achieve user anonymity and mutual authentication. Their scheme also fails to provide local password verification, and it has a faulty password change phase. Moreover, their scheme is vulnerable to replay, offline password guessing, and forgery attacks. To fix the security flaws of the scheme of Farash et al., we present an improved authentication scheme for accessing roaming service provided by ubiquitous networks. We then formally verify the security properties of our scheme by the widely-accepted push-button tool called Automated Validation of Internet Security Protocols and Applications. Security and performance analyses show that our scheme is more powerful, efficient, and secure when it is compared with existing schemes. Copyright (C) 2016 John Wiley & Sons, Ltd.

Lili Xu,Fan Wu

DOI: https://doi.org/10.1002/sec.1551

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:As an important service, global roaming is widely used in global mobility networks to make the stable connectivity when the user goes through between different networks. To keep the security of communication, mutual authentication among the foreign agent, the home agent, and the user is a necessary part before normal data flow of the communication. Besides that, the need that the user's personal information should be protected is also an urgent task in the intercourse. Until now, a host of two-factor authentication schemes has been presented, and many weaknesses are presented under security analysis. Here, we propose a new three-factor key agreement and authentication scheme to overcome the problems, which exist in the past schemes. The security of the scheme is proved with three ways. The first is the formal proof employing the random oracle model. The second is the formal verification with Proverif, and the last is the informal analysis. And the presented scheme has all common security properties and is practical for applications. Copyright © 2016 John Wiley & Sons, Ltd.

Bo LIU,Yu-Yang ZHOU,Fei HU,Fa-Gen LI

DOI: https://doi.org/10.13868/j.cnki.jcr.000224

2018-01-01

Abstract:With the rapid development of E-commerce, network service providers usually provide users with a wide range of services running on different servers. Thus, multi-server model has been widely used. Meanwhile, more and more people access network services more quickly through the mobile phones or other mobile devices, this is the current mobile client-multi-server model which has been very popular. On one hand, mobile devices bring convenience to our lives. On the other hand, the openness of mobile Internet makes its security issues more serious. It is necessary to design a user authentication and key agreement protocol for the mobile client-multi-server model. However, compared with personal computers, mobile devices have resource-constrained features. So how to design a protocol that combines security and efficiency is not an easy task. In order to solve this problem, this study proposes a user authentication and key agreement protocol under the mobile client-multi-server model. Certificateless public key cryptography can solve the problem of certificate management in traditional public key systems and the inherent key escrow problem in identity-based public key cryptography, it has the advantages of both high efficiency and security. In addition, the mobile devices have the characteristics of resource constraints, so the certificateless public key cryptography is very suitable for designing a security protocol for mobile devices which have limited resources. In this paper, it is proved that the proposed protocol can provide mutual authentication and secure key agreement services in the random oracle model. Compared with other protocols of the same type,the proposed protocol in this paper has a better computational efficiency.

Xiong Li,Arun Kumar Sangaiah,Saru Kumari,Fan Wu,Jian Shen,Muhammad Khurram Khan

DOI: https://doi.org/10.1007/s00779-017-1054-9

2017-01-01

Personal and Ubiquitous Computing

Abstract:Smart city improves quality of life for urban residents by using multiple information and communication technologies. As the network infrastructure of smart city, GLObal MObility NETwork (GLOMONET) can offer seamless network connection service for mobile subscribers. Whereas, because of the opening characteristics of wireless channel and various attacks, security becomes a vital issue in GLOMONET. Recently, Karuppiah and Saravanan proposed an enhanced user authentication for roaming service in GLOMONET. Unfortunately, their scheme lacks the features of session key update and perfect forward secrecy, and the session key can be revealed by home agent. Besides, their scheme faces clock synchronization problem and efficiency problem. In order to provide secure authentication service, a novel ECC (elliptic curve cryptosystem)- based user authentication scheme for roaming service in smart city is proposed in this manuscript. The security features of the proposed scheme are formally evaluated by using provable security method under random oracle model and also present informal analysis. In addition, comparative analysis is given among our scheme and relevant protocols. The results of comparative analysis illustrate that the proposed protocol provides robust and efficient for roaming service in smart city.