Daojing He,Sammy Chan,Chun Chen,Jiajun Bu,Rong Fan

DOI: https://doi.org/10.1007/s11277-010-0033-5

IF: 2.017

2010-01-01

Wireless Personal Communications

Abstract:Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.

Shashidhara R.,Bojjagani Sriramulu,Maurya Anup Kumar,Kumari Saru,Xiong Hu

DOI: https://doi.org/10.1007/s12083-020-00929-y

IF: 3.488

2020-01-01

Peer-to-Peer Networking and Applications

Abstract:The authentication system plays a crucial role in the context of GLObal MObility NETwork (GLOMONET) where Mobile User (MU) often need to seamless and secure roaming service over multiple Foreign Agents (FA). However, designing a robust and anonymous authentication protocol along with a user privacy is essential and challenging task. Due to the resource constrained property of mobile terminals, the broadcast nature of a wireless channel, mobility environments are frequently exposed to several attacks. Many researchers focus their interests on designing an efficient and secure mobile user authentication protocol for mobility networks. Very recently (in 2018), Xu et al presented the novel anonymous authentication system for roaming in GLOMONET, and insisted that their protocol is more secure than existing authentication protocols. The security strength of Xu et al.'s authentication protocol is analysed and identified that the protocol is vulnerable to stolen verifier attack, privileged insider attack, impersonation attack and denial of service attack. In-fact, the protocol suffers from clock synchronization problem and cannot afford local password-verification to detect wrong passwords quickly. As a remedy, we proposed an efficient and robust anonymous authentication protocol for mobility networks. The proposed mobile user authentication protocol achieves the provable security and has the ability to resist against numerous network attacks. Besides, the correctness of the novel authentication protocol is validated using formal security tool called AVISPA (Automated Validation of Internet Security Protocols & Applications). Finally, the performance analysis and simulation results reveals that the proposed authentication protocol is computationally efficient and practically implementable in resource limited mobility environments.

Chun Chen,Daojing He,samuel y c chan,Jiajun Bu,Yi Gao,Rong Fan

DOI: https://doi.org/10.1002/dac.1158

2011-01-01

International Journal of Communication Systems

Abstract:Seamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one-time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches. Copyright © 2010 John Wiley & Sons, Ltd. (In this paper, we propose a lightweight and provably secure user authentication scheme with anonymity for the global mobility network. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity and user friendly. Furthermore, it can defend smart card security breaches.)

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Muhammad Khurram Khan,Ashok Kumar Das

DOI: https://doi.org/10.1007/s12243-016-0547-2

2016-01-01

Annals of Telecommunications

Abstract:Roaming service is required in the ubiquitous access used in the global mobility networks (GLOMONETs) and the security is one of the most important issues. Many researchers focus their interests on authentication schemes for GLOMONETs. In 2015, Gope and Hwang, Zhang et al. and Farash et al. proposed their key agreement authentication schemes for GLOMONETs, respectively. However, we find weaknesses in them. Gope and Hwang’s scheme is under the off-line guessing attack and the de-synchronization attack. Moreover, it does not keep strong forward security and the session key is known by the home agent. Zhang et al.’s scheme has several weaknesses including vulnerability to the off-line guessing attack, destitution of password change phase, and the leakage of updated session key. Farash et al.’s scheme lacks user anonymity and strong forward secrecy and is vulnerable to the off-line password guessing attack. The session key is known to the home agent, too. Furthermore, neither Gope and Hwang’s scheme nor Farash et al.’s scheme has the session key update phase. To eliminate the problems, we present an improved authentication and key agreement scheme for GLOMONETs. According to the formal proof and the informal analysis, our scheme is well-performed and applicable.

Vanga Odelu,Soumya Banerjee,Ashok Kumar Das,Samiran Chattopadhyay,Saru Kumari,Xiong Li,Adrijit Goswami

DOI: https://doi.org/10.1007/s11277-017-4302-4

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:In real-life applications, ensuring secure transmission of data over public network channels to prevent malicious eavesdropping of the data is an important issue. Several potential security risks arise while protecting data and providing access control over the data. Due to the broadcast nature of the wireless channels, wireless networks are often vulnerable to various possible known attacks. Therefore, designing a secure and efficient authentication scheme in the global mobility network (GLOMONET) environment becomes a challenging task to the researchers. In recent years, several user authentication schemes for roaming services in GLOMONET have been proposed. However, most of them are either vulnerable to various known attacks or they are inefficient. Most recently, Zhao et al. proposed an anonymous authentication scheme for roaming service in GLOMONET (Zhao et al. in Wireless Personal Communications 78:247–269, 2014) and they claimed that their scheme can withstand all possible known attacks. In this paper, Zhao et al.’s scheme is revisited, and it is shown that their scheme fails to provide strong user anonymity when the session-specific temporary information are revealed to an adversary. Further, their scheme does not protect replay attack, offline password guessing attack and privileged-insider attack. In addition, there is no provision for revocation and re-registration mechanism in their scheme and also there exists design flaw in their schemeu. Moreover, another recently proposed Memon et al.’s scheme (Memon et al. in Wireless Personal Communications 84:1487–1508, 2015) fails to protect the privileged-insider attack. Thus, there is a great need to provide security enhancement of their schemes in order to apply in practical applications. The proposed scheme withstands the security weaknesses found in Zhao et al.’s scheme and Memon et al.’s scheme. Through the rigorous formal and informal security analysis, it is shown that the proposed scheme has the ability to tolerate various known attacks. In addition, the proposed scheme is simulated using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications tool and the simulation results reveal that the proposed scheme is secure. The proposed scheme is also efficient in computation and communication as compared to Zhao et al.’s scheme and other related schemes.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Ashok Kumar Das,Muhammad Khurram Khan,Marimuthu Karuppiah,Renuka Baliyan

DOI: https://doi.org/10.1002/sec.1558

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ubiquitous networks support the roaming service for mobile communication devices. The mobile user can use the services in the foreign network with the help of the home network. Mutual authentication plays an important role in the roaming services, and researchers put their interests on the authentication schemes. Recently, in 2016, Gope and Hwang found that mutual authentication scheme of He et al. for global mobility networks had security disadvantages such as vulnerability to forgery attacks, unfair key agreement, and destitution of user anonymity. Then, they presented an improved scheme. However, we find that the scheme cannot resist the off-line guessing attack and the de-synchronization attack. Also, it lacks strong forward security. Moreover, the session key is known to HA in that scheme. To get over the weaknesses, we propose a new two-factor authentication scheme for global mobility networks. We use formal proof with random oracle model, formal verification with the tool Proverif, and informal analysis to demonstrate the security of the proposed scheme. Compared with some very recent schemes, our scheme is more applicable. Copyright © 2016 John Wiley & Sons, Ltd.

Xiong Li,Arun Kumar Sangaiah,Saru Kumari,Fan Wu,Jian Shen,Muhammad Khurram Khan

DOI: https://doi.org/10.1007/s00779-017-1054-9

2017-01-01

Personal and Ubiquitous Computing

Abstract:Smart city improves quality of life for urban residents by using multiple information and communication technologies. As the network infrastructure of smart city, GLObal MObility NETwork (GLOMONET) can offer seamless network connection service for mobile subscribers. Whereas, because of the opening characteristics of wireless channel and various attacks, security becomes a vital issue in GLOMONET. Recently, Karuppiah and Saravanan proposed an enhanced user authentication for roaming service in GLOMONET. Unfortunately, their scheme lacks the features of session key update and perfect forward secrecy, and the session key can be revealed by home agent. Besides, their scheme faces clock synchronization problem and efficiency problem. In order to provide secure authentication service, a novel ECC (elliptic curve cryptosystem)- based user authentication scheme for roaming service in smart city is proposed in this manuscript. The security features of the proposed scheme are formally evaluated by using provable security method under random oracle model and also present informal analysis. In addition, comparative analysis is given among our scheme and relevant protocols. The results of comparative analysis illustrate that the proposed protocol provides robust and efficient for roaming service in smart city.

Yixin Jiang,Chuang Lin,Xuemin Shen,Minghui Shi

DOI: https://doi.org/10.1007/11422778_10

2005-01-01

Abstract:Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network (GLOMONET). The proposed protocols have new features, such as identity anonymity and one-time session key progression. Identity anonymity protects mobile users' privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It is shown that the computation complexity of the proposed protocols is similar to the existing one appeared in the literature, while the security has been significantly enhanced.

Fan Wu,Xiong Li,Lili Xu,Saru Kumari,Arun Kumar Sangaiah

DOI: https://doi.org/10.1016/j.compeleceng.2018.03.030

IF: 4.152

2018-01-01

Computers & Electrical Engineering

Abstract:Smart healthcare is an emergent part in modern telemedical technology. To solve the problem of collecting information from roaming patients, global mobility network (GLOMONET) is a good way for data transferring. It is common sense that wireless circumstance is full of attacks, and the case how to protect the wireless network away from danger attracts researchers. We present a new two-factor authentication scheme for GLOMONETs to vanquish the hazard. Then the formal proof demonstrates that the attacker can crack the session key and the privacy of the scheme with a negligibly higher probability than directly guessing the password. Moreover, according to the informal analysis model, our scheme meets all the security properties. Finally, via performance comparison and network communication simulation by NS-3, our scheme is fit for practicality.

Marimuthu Karuppiah,Saru Kumari,Xiong Li,Fan Wu,Ashok Kumar Das,Muhammad Khurram Khan,R. Saravanan,Sayantani Basu

DOI: https://doi.org/10.1007/s11277-016-3672-3

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:User authentication scheme is an essential issue for offering roaming service to mobile users in global mobile network (GLOMONET). However, designing an anonymous user authentication scheme in GLOMONET is a challenging task since wireless communication networks are susceptible to a variety of attacks and mobile devices are of limited storage, processing and communication capabilities. Recently, Miyoung and Rhee examined the schemes proposed by Wei et al. and Wu et al., and came up with an improved authentication scheme offering user anonymity in GLOMONET. We point out that Miyoung and Rhee scheme is exposed to off-line password guessing and user impersonation attacks. Also, their scheme cannot offer user anonymity, password change or updating option and quick detection of wrong password. In order to overcome the flaws present in Miyoung and Rhee scheme, we propose a dynamic ID-based generic framework for anonymous authentication scheme for roaming service in GLOMONET, which is invincible to various prying attacks of intruders. Furthermore, the performance analysis proves that our scheme is versatile, simple and secure when compared to the existing authentication schemes.

Marimuthu Karuppiah,Saru Kumari,Ashok Kumar Das,Xiong Li,Fan Wu,Sayantani Basu

DOI: https://doi.org/10.1002/sec.1598

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ubiquitous networks provide effective roaming services for mobile users (MUs). Through the worldwide roaming technology, authorized MUs can avail ubiquitous network services. Important security issues to be considered in ubiquitous networks are authentication of roaming MUs and protection of privacy of MUs. However, because of the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is a challenging task. Very recently, Farash et al. proposed an authentication scheme with anonymity for consumer roaming in ubiquitous networks and claimed their scheme achieves all security requirements. In this paper, we show that the scheme of Farash et al. fails to achieve user anonymity and mutual authentication. Their scheme also fails to provide local password verification, and it has a faulty password change phase. Moreover, their scheme is vulnerable to replay, offline password guessing, and forgery attacks. To fix the security flaws of the scheme of Farash et al., we present an improved authentication scheme for accessing roaming service provided by ubiquitous networks. We then formally verify the security properties of our scheme by the widely-accepted push-button tool called Automated Validation of Internet Security Protocols and Applications. Security and performance analyses show that our scheme is more powerful, efficient, and secure when it is compared with existing schemes. Copyright (C) 2016 John Wiley & Sons, Ltd.

Xiong Li,Jianwei Niu,Saru Kumari,Fan Wu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.future.2017.04.012

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Smart city is a development tendency of future city, which improves almost all aspects of quality of urban residents’ life by adopting Information and Communication Technology. In smart city, people can interact directly with the community and the infrastructure at anytime and anywhere, where GLObal MObility NETwork (GLOMONET) is an important network infrastructure for smart city. Recently, Gope and Hwang proposed an efficient authentication scheme for GLOMONET. However, we find their scheme lacks session key update and wrong password detection mechanisms, and vulnerable to denial-of-service attack. Besides, the session key can be known by HA (home agent), and perfect forward secrecy cannot be ensured. Furthermore, in their scheme, HA has to take heavy secret key management work. Based on previous work, this paper first summarizes the security and function requirements of authentication for GLOMONET in smart city environment. Later, this paper proposed a robust biometrics based three-factor authentication scheme for GLOMONET in smart city. Security features of the proposed scheme are analyzed in detail, and comparisons of our scheme with other related schemes are illustrated. Analysis and comparison results show that our scheme meets the preconcerted security requirements of authentication for GLOMONET in smart city environment, and it is robust for GLOMONET in smart city environments with higher security requirements.

Lili Xu,Fan Wu

DOI: https://doi.org/10.1002/sec.1551

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:As an important service, global roaming is widely used in global mobility networks to make the stable connectivity when the user goes through between different networks. To keep the security of communication, mutual authentication among the foreign agent, the home agent, and the user is a necessary part before normal data flow of the communication. Besides that, the need that the user's personal information should be protected is also an urgent task in the intercourse. Until now, a host of two-factor authentication schemes has been presented, and many weaknesses are presented under security analysis. Here, we propose a new three-factor key agreement and authentication scheme to overcome the problems, which exist in the past schemes. The security of the scheme is proved with three ways. The first is the formal proof employing the random oracle model. The second is the formal verification with Proverif, and the last is the informal analysis. And the presented scheme has all common security properties and is practical for applications. Copyright © 2016 John Wiley & Sons, Ltd.

Guomin Yang,Qiong Huang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1109/twc.2010.01.081219

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:A secure roaming protocol allows a roaming user.. to visit a foreign server.. and establish a session key in an authenticated way such that.. authenticates.. and at the same time convinces.. that it is a legitimate subscriber of some server H, called the home server of U. The conventional approach requires the involvement of all the three parties. In this paper, we propose a new approach which requires only two parties, U and V, to get involved. We propose two protocols: one provides better efficiency and supports user anonymity to an extent comparable to that provided by current mobile systems; and the other one achieves Strong User Anonymity that protects U's identity against both eavesdroppers and foreign servers and is currently the strongest notion of user anonymity defined for secure roaming. Both protocols are universal in the sense that the same protocol and signaling flows are used regardless of the domain ( home or foreign) that.. is visiting. This helps reducing the system complexity in practice. We also propose a practical user revocation mechanism, which is one of the most challenging problems for two-party roaming supporting Strong User Anonymity. Our solutions can be applied in various kinds of roaming networks such as Cellular Networks and interconnected Wireless Local Area Networks.

Kaiping Xue,Xinyi Luo,Yongjin Ma,Jian Li,Jianqing Liu,David S. L. Wei

DOI: https://doi.org/10.1109/tvt.2022.3148303

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:Secure and real-time communication is an essential condition in mobile vehicular networks, and this requires secure authentication and seamless access enabled by roaming services. As a security inspector, roaming authentication ensures that legitimate users can access the network securely. However, today’s roaming authentication protocols authenticate users with the help of centralized authentication servers, leading to the risk of the single point of failure and roaming fraud. The massive device access in 5G networks further exacerbates the losses when problems occur. In light of it, we propose a decentralized fraud-proof roaming authentication framework based on blockchain. We leverage smart contracts to implement a roaming authentication protocol, including user/AP registration, authentication, and revocation. For higher efficiency, we utilize the Bloom filter for the revocation process. In addition, we design an unforgeable and undeniable billing scheme based on hash chain technology. Security and performance analysis show that the proposed roaming authentication scheme can provide the required security features while incurring an acceptable authentication delay.

Yixin Jiang,Chuang Lin,Xuemin (Sherman) Shen,Minghui Shi

DOI: https://doi.org/10.1109/twc.2006.05063

IF: 10.4

2006-01-01

IEEE Transactions on Wireless Communications

Abstract:Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

Xiaowen Chu,Yixin Jiang,Chuang Lin,Fujun Feng

DOI: https://doi.org/10.1007/11839569_39

2006-01-01

Abstract:In this paper, based on self-certified mechanism, we propose a novel mutual authentication and key exchange protocol for roaming services in the global mobility network. The main new features included in the proposed protocol are (1) identity anonymity, which protects location privacy of mobile users in the roaming network environment; (2) one-time session key renewal, which frequently updates the session key for mobile users and hence reduces the risk of using a compromised session key to communicate with the visited network. The performance analysis shows that the computational complexity of our protocol is low and suitable to be used on mobile equipments.

Chang-Shiun Liu,Li Xu,Limei Lin,Min-Chi Tseng,Shih-Ya Lin,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-46298-1_4

2016-01-01

Abstract:Most of the mutual authentication protocols with user anonymity proposed for providing secure roaming service through wireless communications are based on smart cards and have to establish public key cryptosystems in advance. To solve this, Guo et al. firstly proposed an efficient mutual authentication protocol with user anonymity using smart card for wireless communications. Unfortunately, we will demonstrate their scheme requires high modular exponential operations for security issues, and does not allow users to change passwords freely. Based on modular square root, we propose an efficient remote user authentication protocol with smart cards for wireless communications. Compared with others, our protocol is more suitable for mobile devices and smart-card users.

Ding Wang,Ping Wang,Jing Liu

DOI: https://doi.org/10.1109/WCNC.2014.6953015

2014-01-01

Abstract:User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity.