Qing-Qing Xie,Shunrong Jiang,Liangmin Wang,Chin-Chen Chang

DOI: https://doi.org/10.6633/ijns.201609.18(5).02

2016-01-01

Abstract:The cloud-assisted Body Sensor Networks (BSN) often has an architecture of Multi-hop Wireless Networks (MWN) model, in which both the body sensors and the users must be secure to protect the whole infrastructure. Unfortunately, both the information providers and the users are movable and resource-constrained in communication and computation. Thus some new security problems are proposed, such as the light weight-secure authentication caused by limited resource, re-authentication in foreign zone caused by mobility, and composablilty security caused by heterogeneity between the transmission subnet, many BSN subnets. We propose a Random Roaming Authentication Protocol (RanRAP) for BSNs with these cloud-assisted infrastructure. We test the composable security at an AP/cluster head/gateway node by using strand spaces theory, and analyze the performance of RanRAP protocol in both the theoretical analysis and experiment simulations. It was shown that RanRAP has some advantages of composable security, computation and communication overheads over some related protocols.

Shunrong Jiang,Jingjun Miao,Liangmin Wang

DOI: https://doi.org/10.1109/ICCSN.2011.6013576

2011-01-01

Abstract:The introduction of mobile node brings new security problems and challenges to Heterogeneous Wireless Sensor Network(HWSN), that is how to ensure the credibility, security and low consumption of mobile node in the entire network. In this paper, we design a highly efficient re-authentication protocol for mobile node (MRAP) in HWSN, which makes two communicating parties achieve identity authentication and establish a new pairwise key. We analyze our re-authentication according to the theory. The result shows that our authentication protocol does not affect HWSN performance basically, besides it can provide better security with reducing communication overhead, computation cost and storage space than previous protocols.

Weichuan Ni,Shitong Ye,Zhiming Xu,Zhiping Wan,Shaojiang Liu

DOI: https://doi.org/10.1109/ACCESS.2020.2967469

IF: 3.9

2020-01-17

IEEE Access

Abstract:With the increasing and diversified Internet of Things (IoT) devices, more IoT heterogeneous wireless networks have emerged, providing more network services for IoT devices, especially mobile phones and other roaming devices. However, there are also some malicious users who use different means to attack the security of the network, so that more users begin to pay attention to the identity authentication and privacy protection of the Internet of Things. This paper designs an IoT node roaming authentication model, which is used to enhance the security authentication capability of the Internet of Things to roaming devices. In order to effectively prevent malicious nodes from connecting to the network, this paper proposes a roaming authentication protocol based on heterogeneous fusion mechanism (HFM-IoT). The authentication protocol uses the remote authentication server in the local and remote areas to perform interactive authentication on the roaming device, which increases the difficulty of attacking or infecting multiple network areas by malicious nodes. According to the security analysis, the protocol can protect against multiple network attacks, and it can be seen from the experimental simulation results that the protocol has lower energy burden and authentication delay.

Engineering,Computer Science

Xiaowen Chu,Yixin Jiang,Chuang Lin,Fujun Feng

DOI: https://doi.org/10.1007/11839569_39

2006-01-01

Abstract:In this paper, based on self-certified mechanism, we propose a novel mutual authentication and key exchange protocol for roaming services in the global mobility network. The main new features included in the proposed protocol are (1) identity anonymity, which protects location privacy of mobile users in the roaming network environment; (2) one-time session key renewal, which frequently updates the session key for mobile users and hence reduces the risk of using a compromised session key to communicate with the visited network. The performance analysis shows that the computational complexity of our protocol is low and suitable to be used on mobile equipments.

Kaiping Xue,Xinyi Luo,Yongjin Ma,Jian Li,Jianqing Liu,David S. L. Wei

DOI: https://doi.org/10.1109/tvt.2022.3148303

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:Secure and real-time communication is an essential condition in mobile vehicular networks, and this requires secure authentication and seamless access enabled by roaming services. As a security inspector, roaming authentication ensures that legitimate users can access the network securely. However, today’s roaming authentication protocols authenticate users with the help of centralized authentication servers, leading to the risk of the single point of failure and roaming fraud. The massive device access in 5G networks further exacerbates the losses when problems occur. In light of it, we propose a decentralized fraud-proof roaming authentication framework based on blockchain. We leverage smart contracts to implement a roaming authentication protocol, including user/AP registration, authentication, and revocation. For higher efficiency, we utilize the Bloom filter for the revocation process. In addition, we design an unforgeable and undeniable billing scheme based on hash chain technology. Security and performance analysis show that the proposed roaming authentication scheme can provide the required security features while incurring an acceptable authentication delay.

Shanpeng Liu,Xiong Li,Fan Wu,Junguo Liao,Jin Wang,Dingbao Lin

DOI: https://doi.org/10.3390/electronics8090939

IF: 2.9

2019-01-01

Electronics

Abstract:In today's society, Global Mobile Networks (GLOMONETs) have become an important network infrastructure that provides seamless roaming service for mobile users when they leave their home network. Authentication is an essential mechanism for secure communication among the mobile user, home network, and foreign network in GLOMONET. Recently, Madhusudhan and Shashidhara presented a lightweight authentication protocol for roaming application in GLOMONET. However, we found their protocol not only has design flaws, but is also vulnerable to many attacks. To address these weaknesses, this paper proposes a novel authentication protocol with strong security for GLOMONET based on previous work. The fuzzy verifier technique makes the protocol free from smart card breach attack, while achieving the feature of local password change. Moreover, the computational intractability of the Discrete Logarithm Problem (DLP) guarantees the security of the session key. The security of the protocol is verified by the ProVerif tool. Compared with other related protocols, our protocol achieves a higher level of security at the expense of small increases in computational cost and communication cost. Therefore, it is more suitable for securing the roaming application in GLOMONET.

Daojing He,Chun Chen,Sammy Chan,Jiajun Bu

DOI: https://doi.org/10.1002/dac.1387

2012-01-01

International Journal of Communication Systems

Abstract:SUMMARYWhen one considers the broad range of wirelessly connected mobile devices used today, it is clear that integrating such network‐enabled devices into secure roaming over wireless networks is of essential importance. Over the years, many authentication protocols have been suggested to address this issue. Among these protocols, the recently proposed privacy‐preserving universal authentication protocol, Priauth, exceeds the security and efficiency of other authentication techniques. This paper studies the existing roaming authentication protocols and shows that they are not strong enough to provide secure roaming services in three aspects. Further, using Priauth as an example, we propose efficient remedies that fix the weaknesses. The experimental results show that the proposed approaches are feasible in practice. Copyright © 2012 John Wiley & Sons, Ltd.

Yao Cheng,Li Yue,Naixia Duan,Chenglong Li

DOI: https://doi.org/10.1155/2022/5426288

2022-03-09

Wireless Communications and Mobile Computing

Abstract:An anonymous roaming scheme of mobile Internet was discussed in this paper aiming to improve the traditional authentication protocol that cannot satisfy the demand of user’s identity authentication when the mobile terminal is roaming in mobile Internet. The authentication server of remote network will complete the identity legitimacy verification of mobile terminal with the help of the home network authentication server. A temporary identity is used to prevent user’s anonymity protection from being tracked and eavesdropped, as well as other attacks, which can improve the confidential of user’s identity and location considerably. This anonymous roaming scheme can achieve a high-level of safety efficiently. This will also satisfy the development of the network technology.

computer science, information systems,telecommunications,engineering, electrical & electronic

Daojing He,Sammy Chan,Chun Chen,Jiajun Bu,Rong Fan

DOI: https://doi.org/10.1007/s11277-010-0033-5

IF: 2.017

2010-01-01

Wireless Personal Communications

Abstract:Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.

Shashidhara R.,Bojjagani Sriramulu,Maurya Anup Kumar,Kumari Saru,Xiong Hu

DOI: https://doi.org/10.1007/s12083-020-00929-y

IF: 3.488

2020-01-01

Peer-to-Peer Networking and Applications

Abstract:The authentication system plays a crucial role in the context of GLObal MObility NETwork (GLOMONET) where Mobile User (MU) often need to seamless and secure roaming service over multiple Foreign Agents (FA). However, designing a robust and anonymous authentication protocol along with a user privacy is essential and challenging task. Due to the resource constrained property of mobile terminals, the broadcast nature of a wireless channel, mobility environments are frequently exposed to several attacks. Many researchers focus their interests on designing an efficient and secure mobile user authentication protocol for mobility networks. Very recently (in 2018), Xu et al presented the novel anonymous authentication system for roaming in GLOMONET, and insisted that their protocol is more secure than existing authentication protocols. The security strength of Xu et al.'s authentication protocol is analysed and identified that the protocol is vulnerable to stolen verifier attack, privileged insider attack, impersonation attack and denial of service attack. In-fact, the protocol suffers from clock synchronization problem and cannot afford local password-verification to detect wrong passwords quickly. As a remedy, we proposed an efficient and robust anonymous authentication protocol for mobility networks. The proposed mobile user authentication protocol achieves the provable security and has the ability to resist against numerous network attacks. Besides, the correctness of the novel authentication protocol is validated using formal security tool called AVISPA (Automated Validation of Internet Security Protocols & Applications). Finally, the performance analysis and simulation results reveals that the proposed authentication protocol is computationally efficient and practically implementable in resource limited mobility environments.

Guomin Yang,Qiong Huang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1109/twc.2010.01.081219

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:A secure roaming protocol allows a roaming user.. to visit a foreign server.. and establish a session key in an authenticated way such that.. authenticates.. and at the same time convinces.. that it is a legitimate subscriber of some server H, called the home server of U. The conventional approach requires the involvement of all the three parties. In this paper, we propose a new approach which requires only two parties, U and V, to get involved. We propose two protocols: one provides better efficiency and supports user anonymity to an extent comparable to that provided by current mobile systems; and the other one achieves Strong User Anonymity that protects U's identity against both eavesdroppers and foreign servers and is currently the strongest notion of user anonymity defined for secure roaming. Both protocols are universal in the sense that the same protocol and signaling flows are used regardless of the domain ( home or foreign) that.. is visiting. This helps reducing the system complexity in practice. We also propose a practical user revocation mechanism, which is one of the most challenging problems for two-party roaming supporting Strong User Anonymity. Our solutions can be applied in various kinds of roaming networks such as Cellular Networks and interconnected Wireless Local Area Networks.

Vanga Odelu,Soumya Banerjee,Ashok Kumar Das,Samiran Chattopadhyay,Saru Kumari,Xiong Li,Adrijit Goswami

DOI: https://doi.org/10.1007/s11277-017-4302-4

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:In real-life applications, ensuring secure transmission of data over public network channels to prevent malicious eavesdropping of the data is an important issue. Several potential security risks arise while protecting data and providing access control over the data. Due to the broadcast nature of the wireless channels, wireless networks are often vulnerable to various possible known attacks. Therefore, designing a secure and efficient authentication scheme in the global mobility network (GLOMONET) environment becomes a challenging task to the researchers. In recent years, several user authentication schemes for roaming services in GLOMONET have been proposed. However, most of them are either vulnerable to various known attacks or they are inefficient. Most recently, Zhao et al. proposed an anonymous authentication scheme for roaming service in GLOMONET (Zhao et al. in Wireless Personal Communications 78:247–269, 2014) and they claimed that their scheme can withstand all possible known attacks. In this paper, Zhao et al.’s scheme is revisited, and it is shown that their scheme fails to provide strong user anonymity when the session-specific temporary information are revealed to an adversary. Further, their scheme does not protect replay attack, offline password guessing attack and privileged-insider attack. In addition, there is no provision for revocation and re-registration mechanism in their scheme and also there exists design flaw in their schemeu. Moreover, another recently proposed Memon et al.’s scheme (Memon et al. in Wireless Personal Communications 84:1487–1508, 2015) fails to protect the privileged-insider attack. Thus, there is a great need to provide security enhancement of their schemes in order to apply in practical applications. The proposed scheme withstands the security weaknesses found in Zhao et al.’s scheme and Memon et al.’s scheme. Through the rigorous formal and informal security analysis, it is shown that the proposed scheme has the ability to tolerate various known attacks. In addition, the proposed scheme is simulated using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications tool and the simulation results reveal that the proposed scheme is secure. The proposed scheme is also efficient in computation and communication as compared to Zhao et al.’s scheme and other related schemes.

Yixin Jiang,Chuang Lin,Xuemin (Sherman) Shen,Minghui Shi

DOI: https://doi.org/10.1109/twc.2006.05063

IF: 10.4

2006-01-01

IEEE Transactions on Wireless Communications

Abstract:Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Muhammad Khurram Khan,Ashok Kumar Das

DOI: https://doi.org/10.1007/s12243-016-0547-2

2016-01-01

Annals of Telecommunications

Abstract:Roaming service is required in the ubiquitous access used in the global mobility networks (GLOMONETs) and the security is one of the most important issues. Many researchers focus their interests on authentication schemes for GLOMONETs. In 2015, Gope and Hwang, Zhang et al. and Farash et al. proposed their key agreement authentication schemes for GLOMONETs, respectively. However, we find weaknesses in them. Gope and Hwang’s scheme is under the off-line guessing attack and the de-synchronization attack. Moreover, it does not keep strong forward security and the session key is known by the home agent. Zhang et al.’s scheme has several weaknesses including vulnerability to the off-line guessing attack, destitution of password change phase, and the leakage of updated session key. Farash et al.’s scheme lacks user anonymity and strong forward secrecy and is vulnerable to the off-line password guessing attack. The session key is known to the home agent, too. Furthermore, neither Gope and Hwang’s scheme nor Farash et al.’s scheme has the session key update phase. To eliminate the problems, we present an improved authentication and key agreement scheme for GLOMONETs. According to the formal proof and the informal analysis, our scheme is well-performed and applicable.

Daojing He,Chun Chen,Jiajun Bu,Sammy Chan,Yan Zhang

DOI: https://doi.org/10.1109/mcom.2013.6461199

IF: 9.03

2013-01-01

IEEE Communications Magazine

Abstract:Seamless roaming over wireless networks is highly desirable to mobile users, but ensuring the security and efficiency of this process is challenging. Although the same may be said for all communication systems, roaming services have special requirements and vulnerabilities, and therefore deserve special attention. Over the years, we have seen a variety of authentication protocols emerging to addre...

Li Zhi-tang,GUO Wei

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.09.016

2005-01-01

Abstract:Because of frequent topology changes and wireless multi-hop link, traditional security routing protocol can't adapt mobile Ad hoc networks. In this paper, a mutual authentication security Ad hoc Network routing protocol, MASRP(mutual authenticated secure Ad hoc routing protocol) is proposed. With mutual authentication end nodes and exchange one-time session key in the route discovery of demand routing, it ensure that it is correctness of routing discovers and reliability of data transfers from end to end, to increase the secure of routing protocol. At the end of this paper, the secure of protocol is also proved by BAN logic.

Chun Chen,Daojing He,samuel y c chan,Jiajun Bu,Yi Gao,Rong Fan

DOI: https://doi.org/10.1002/dac.1158

2011-01-01

International Journal of Communication Systems

Abstract:Seamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one-time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches. Copyright © 2010 John Wiley & Sons, Ltd. (In this paper, we propose a lightweight and provably secure user authentication scheme with anonymity for the global mobility network. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity and user friendly. Furthermore, it can defend smart card security breaches.)

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.3217/jucs-014-03-0441

2008-01-01

Abstract:In a secure roaming scenario, a user U travels to a foreign network and communicates with a foreign server V securely so that no one other than U and V can obtain the messages exchanged between them. U may also want to travel anonymously so that no one including V can find out its identity or trace its whereabouts except its home server H. There have been many key establishment protocols proposed for secure roaming. A typical application of these protocols is the mobile roaming service which may be deployed to interconnected WLAN and 3G networks. Despite the importance of these protocols, most of the protocols are analyzed heuristically. They are lack of formal security treatment. In this paper, we propose a formal key exchange definition and formalize secure roaming under the Canetti-Krawczyk (CK) model. We also propose a formal model for capturing the notions of user anonymity and untraceability. By using the modular approach supported by the CK-model, we construct an efficient key exchange protocol for roaming and then extend it to support user anonymity and untraceability. The protocols are efficient and each of them requires only four message flows among the three parties U, H and V. For building our protocols, we construct a one-pass counter based MT-authenticator and show its security under the assumption of a conventional MAC secure against chosen message attack.

Marimuthu Karuppiah,Saru Kumari,Ashok Kumar Das,Xiong Li,Fan Wu,Sayantani Basu

DOI: https://doi.org/10.1002/sec.1598

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ubiquitous networks provide effective roaming services for mobile users (MUs). Through the worldwide roaming technology, authorized MUs can avail ubiquitous network services. Important security issues to be considered in ubiquitous networks are authentication of roaming MUs and protection of privacy of MUs. However, because of the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is a challenging task. Very recently, Farash et al. proposed an authentication scheme with anonymity for consumer roaming in ubiquitous networks and claimed their scheme achieves all security requirements. In this paper, we show that the scheme of Farash et al. fails to achieve user anonymity and mutual authentication. Their scheme also fails to provide local password verification, and it has a faulty password change phase. Moreover, their scheme is vulnerable to replay, offline password guessing, and forgery attacks. To fix the security flaws of the scheme of Farash et al., we present an improved authentication scheme for accessing roaming service provided by ubiquitous networks. We then formally verify the security properties of our scheme by the widely-accepted push-button tool called Automated Validation of Internet Security Protocols and Applications. Security and performance analyses show that our scheme is more powerful, efficient, and secure when it is compared with existing schemes. Copyright (C) 2016 John Wiley & Sons, Ltd.

Shunrong Jiang,Jiapeng Zhang,Jingjun Miao,Conghua Zhou

DOI: https://doi.org/10.1155/2013/913782

IF: 1.938

2013-01-01

International Journal of Distributed Sensor Networks

Abstract:The mobile wireless sensor network (MWSN) is a new style WSN with mobile sinks or sensors in the network. MWSN has advantages over static WSN in the aspect of better energy efficiency, improved coverage, and superior channel capacity. However, mobile nodes also bring some security problems. For example, it is difficult to ensure secure communications among the mobile nodes and static nodes. In this paper, we design a lightweight mobile reauthentication protocol for mobile nodes. The designed protocol provides forward secure pairwise key for the mobile node when it moves from one cluster to another. Thus, the mobile sensor node can be authenticated by the new cluster head, and the privacy of his origin area is protected. In addition, the security and performance analysis shows that our scheme meets the need of lower communication and computation overhead, while achieving security requirement for mobile sensor node application in MWSN.