Kaiping Xue,Xinyi Luo,Hangyu Tian,Jianan Hong,David S. L. Wei,Jian Li

DOI: https://doi.org/10.1109/tvt.2021.3138203

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:In mobile communication networks, when a user roams to and accesses a foreign network, the foreign operator needs to request the user’s subscription data from a centralized authentication server, which is managed by the user’s home operator. However, centralized authentication introduces single point of failure. Meanwhile, the real-time participation of the home operator and the trust relationship between the foreign operator and the home operator are difficult to guarantee. In this paper, by adopting blockchain and smart contracts, we propose a secure and efficient access control scheme of user subscription data in roaming scenarios. We further design a flexible user authentication scheme, which utilizes derivable tokens based on the proposed access control scheme. By using blockchain to store and manage user subscription data, access control can be decentralized without any trusted third party. Besides, by implementing automatic verification of access privilege through smart contracts, the limitation of the home operators’ real-time participation is eliminated. In addition, to further improve security and reduce the on-chain storage overhead, we optimize the data encryption and storage scheme utilizing threshold secret sharing. Our security and performance analysis show that the proposed user subscription data access control scheme for roaming service provides high-level security while causing acceptable time and storage overhead.

Cong Nguyen,Diep Nguyen,Hoang Thai Dinh,Anh Hoang Pham,Nguyen Tuong Huynh,Yong Xiao,Eryk Dutkiewicz

DOI: https://doi.org/10.1109/tmc.2021.3065672

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile service providers (MSPs) are particularly vulnerable to roaming frauds, especially ones that exploit the long delay in the data exchange process of the contemporary roaming management systems, causing multi-billion dollars loss each year. In this paper, we introduce BlockRoam, a novel blockchain-based roaming management system that provides an efficient data exchange platform among MSPs and mobile subscribers. Utilizing the Proof-of-Stake (PoS) consensus mechanism and smart contracts, BlockRoam can significantly shorten the information exchanging delay, thereby addressing the roaming fraud problems. Through intensive analysis, we show that the security and performance of such PoS-based blockchain network can be further enhanced by incentivizing more users (e.g., subscribers) to participate in the network. Moreover, users in such networks often join stake pools (e.g., formed by MSPs) to increase their profits. Therefore, we develop an economic model based on Stackelberg game to jointly maximize the profits of the network users and the stake pool, thereby encouraging user participation. We also propose an effective method to guarantee the uniqueness of this game's equilibrium. The performance evaluations show that the proposed economic model helps the MSPs to earn additional profits, attracts more investment to the blockchain network, and enhances the network's security and performance.

computer science, information systems,telecommunications

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Ashok Kumar Das,Muhammad Khurram Khan,Marimuthu Karuppiah,Renuka Baliyan

DOI: https://doi.org/10.1002/sec.1558

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ubiquitous networks support the roaming service for mobile communication devices. The mobile user can use the services in the foreign network with the help of the home network. Mutual authentication plays an important role in the roaming services, and researchers put their interests on the authentication schemes. Recently, in 2016, Gope and Hwang found that mutual authentication scheme of He et al. for global mobility networks had security disadvantages such as vulnerability to forgery attacks, unfair key agreement, and destitution of user anonymity. Then, they presented an improved scheme. However, we find that the scheme cannot resist the off-line guessing attack and the de-synchronization attack. Also, it lacks strong forward security. Moreover, the session key is known to HA in that scheme. To get over the weaknesses, we propose a new two-factor authentication scheme for global mobility networks. We use formal proof with random oracle model, formal verification with the tool Proverif, and informal analysis to demonstrate the security of the proposed scheme. Compared with some very recent schemes, our scheme is more applicable. Copyright © 2016 John Wiley & Sons, Ltd.

Yao Cheng,Li Yue,Naixia Duan,Chenglong Li

DOI: https://doi.org/10.1155/2022/5426288

2022-03-09

Wireless Communications and Mobile Computing

Abstract:An anonymous roaming scheme of mobile Internet was discussed in this paper aiming to improve the traditional authentication protocol that cannot satisfy the demand of user’s identity authentication when the mobile terminal is roaming in mobile Internet. The authentication server of remote network will complete the identity legitimacy verification of mobile terminal with the help of the home network authentication server. A temporary identity is used to prevent user’s anonymity protection from being tracked and eavesdropped, as well as other attacks, which can improve the confidential of user’s identity and location considerably. This anonymous roaming scheme can achieve a high-level of safety efficiently. This will also satisfy the development of the network technology.

computer science, information systems,telecommunications,engineering, electrical & electronic

Daojing He,Sammy Chan,Chun Chen,Jiajun Bu,Rong Fan

DOI: https://doi.org/10.1007/s11277-010-0033-5

IF: 2.017

2010-01-01

Wireless Personal Communications

Abstract:Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.

Minghui Shi,Xuemin (Sherman) Shen,Jon W. Mark,Dongmei Zhao,Yixin Jiang

DOI: https://doi.org/10.1016/j.comnet.2008.02.012

IF: 5.493

2008-01-01

Computer Networks

Abstract:In this paper, a framework of authentication and undeniable billing support for an agent-based roaming service in WLAN/cellular networks interworking networks is proposed. This framework circumvents the requirement of peer-to-peer roaming agreements to provide seamless roaming service between WLAN hotspots and cellular networks operated by independent wireless network service providers. Within the framework, an adaptive authentication and an event-tracking scheme have been developed, which allow the application of undeniable billing service to cellular network even when it still uses a traditional authentication scheme. The proposed modified dual directional hash chain (MDDHC) based billing support mechanism features mutual non-repudiation. Security analysis and overhead evaluation demonstrate that the proposed framework is secure and efficient.

Shashidhara R.,Bojjagani Sriramulu,Maurya Anup Kumar,Kumari Saru,Xiong Hu

DOI: https://doi.org/10.1007/s12083-020-00929-y

IF: 3.488

2020-01-01

Peer-to-Peer Networking and Applications

Abstract:The authentication system plays a crucial role in the context of GLObal MObility NETwork (GLOMONET) where Mobile User (MU) often need to seamless and secure roaming service over multiple Foreign Agents (FA). However, designing a robust and anonymous authentication protocol along with a user privacy is essential and challenging task. Due to the resource constrained property of mobile terminals, the broadcast nature of a wireless channel, mobility environments are frequently exposed to several attacks. Many researchers focus their interests on designing an efficient and secure mobile user authentication protocol for mobility networks. Very recently (in 2018), Xu et al presented the novel anonymous authentication system for roaming in GLOMONET, and insisted that their protocol is more secure than existing authentication protocols. The security strength of Xu et al.'s authentication protocol is analysed and identified that the protocol is vulnerable to stolen verifier attack, privileged insider attack, impersonation attack and denial of service attack. In-fact, the protocol suffers from clock synchronization problem and cannot afford local password-verification to detect wrong passwords quickly. As a remedy, we proposed an efficient and robust anonymous authentication protocol for mobility networks. The proposed mobile user authentication protocol achieves the provable security and has the ability to resist against numerous network attacks. Besides, the correctness of the novel authentication protocol is validated using formal security tool called AVISPA (Automated Validation of Internet Security Protocols & Applications). Finally, the performance analysis and simulation results reveals that the proposed authentication protocol is computationally efficient and practically implementable in resource limited mobility environments.

Chunlei Li,Qian Wu,Hewu Li,Jun Liu

DOI: https://doi.org/10.1007/978-3-030-23597-0_12

2019-01-01

Abstract:Cross-domain roaming in Wi-Fi networks is ubiquitous and the frequency of global roaming of users has increased dramatically in recent years. To ensure network security, it is important to authenticate users belonging to different domains. Existing solutions like eduroam leverage a centralized and hierarchical architecture to authenticate users, which leads to serious performance and security issues in practice. In this paper, we propose Trustroam, a novel cross-domain authentication scheme in Wi-Fi networks based on blockchain. Different from traditional hierarchical solutions, Trustroam authenticates users and servers in a distributed and anonymous manner, avoiding several serious problems such as single point of failure and privacy leakage. Through the distributed consensus mechanism and mutual authentication, our scheme is highly fault tolerant to handle compromised server attacks. We implemented the Trustroam prototype in a real testbed. Experimental and evaluation results show that our scheme is superior to existing hierarchical solutions in terms of scalability, security and privacy preserving. Besides, Trustroam is an effective solution that can be conveniently and incrementally deployed in practical environments.

Xiong Li,Arun Kumar Sangaiah,Saru Kumari,Fan Wu,Jian Shen,Muhammad Khurram Khan

DOI: https://doi.org/10.1007/s00779-017-1054-9

2017-01-01

Personal and Ubiquitous Computing

Abstract:Smart city improves quality of life for urban residents by using multiple information and communication technologies. As the network infrastructure of smart city, GLObal MObility NETwork (GLOMONET) can offer seamless network connection service for mobile subscribers. Whereas, because of the opening characteristics of wireless channel and various attacks, security becomes a vital issue in GLOMONET. Recently, Karuppiah and Saravanan proposed an enhanced user authentication for roaming service in GLOMONET. Unfortunately, their scheme lacks the features of session key update and perfect forward secrecy, and the session key can be revealed by home agent. Besides, their scheme faces clock synchronization problem and efficiency problem. In order to provide secure authentication service, a novel ECC (elliptic curve cryptosystem)- based user authentication scheme for roaming service in smart city is proposed in this manuscript. The security features of the proposed scheme are formally evaluated by using provable security method under random oracle model and also present informal analysis. In addition, comparative analysis is given among our scheme and relevant protocols. The results of comparative analysis illustrate that the proposed protocol provides robust and efficient for roaming service in smart city.

Hadi Ghaemi,Dariush Abbasinezhad-Mood,Arezou Ostad-Sharif,Zakieh Alizadehsani

DOI: https://doi.org/10.1016/j.jnca.2024.103843

IF: 7.574

2024-04-01

Journal of Network and Computer Applications

Abstract:In mobility networks, users can receive desired services from foreign agents securely by means of a roaming authentication protocol. During the past decade, scholars have attempted to propose efficient and secure protocols. Nevertheless, careful observation of related works demonstrates that previously-proposed protocols have the following limitations. First, the home agent involvement is required for each key exchange between foreign agent and user, and if, for some reasons, home agent goes down, users of that home agent could no longer get services. Second, in these protocols, authors have assumed that home and foreign agents have a pre-shared key without discussing how this key can be generated, shared, or updated. Third, since in these protocols, the foreign agent needs to send any request from a user to his/her home agent, the number of messages and communication overhead are pretty high. In conclusion, in this paper, by suggesting a novel blockchain-assisted protocol, we intend to cover the above-mentioned crucial gaps. That is to say, our protocol is fault-tolerant, is free from the home agent involvement, and does not require any pre-shared key. Further, it has less overall latency and time compared to the related works. All of these merits have been achieved by a comparable computational cost and better communication overhead, which are demonstrated through our comparisons. More specifically, compared to all related protocols, the proposed one demonstrates at least 37% decrease in the communication overhead.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Marimuthu Karuppiah,Saru Kumari,Ashok Kumar Das,Xiong Li,Fan Wu,Sayantani Basu

DOI: https://doi.org/10.1002/sec.1598

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ubiquitous networks provide effective roaming services for mobile users (MUs). Through the worldwide roaming technology, authorized MUs can avail ubiquitous network services. Important security issues to be considered in ubiquitous networks are authentication of roaming MUs and protection of privacy of MUs. However, because of the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is a challenging task. Very recently, Farash et al. proposed an authentication scheme with anonymity for consumer roaming in ubiquitous networks and claimed their scheme achieves all security requirements. In this paper, we show that the scheme of Farash et al. fails to achieve user anonymity and mutual authentication. Their scheme also fails to provide local password verification, and it has a faulty password change phase. Moreover, their scheme is vulnerable to replay, offline password guessing, and forgery attacks. To fix the security flaws of the scheme of Farash et al., we present an improved authentication scheme for accessing roaming service provided by ubiquitous networks. We then formally verify the security properties of our scheme by the widely-accepted push-button tool called Automated Validation of Internet Security Protocols and Applications. Security and performance analyses show that our scheme is more powerful, efficient, and secure when it is compared with existing schemes. Copyright (C) 2016 John Wiley & Sons, Ltd.

Shanpeng Liu,Xiong Li,Fan Wu,Junguo Liao,Jin Wang,Dingbao Lin

DOI: https://doi.org/10.3390/electronics8090939

IF: 2.9

2019-01-01

Electronics

Abstract:In today's society, Global Mobile Networks (GLOMONETs) have become an important network infrastructure that provides seamless roaming service for mobile users when they leave their home network. Authentication is an essential mechanism for secure communication among the mobile user, home network, and foreign network in GLOMONET. Recently, Madhusudhan and Shashidhara presented a lightweight authentication protocol for roaming application in GLOMONET. However, we found their protocol not only has design flaws, but is also vulnerable to many attacks. To address these weaknesses, this paper proposes a novel authentication protocol with strong security for GLOMONET based on previous work. The fuzzy verifier technique makes the protocol free from smart card breach attack, while achieving the feature of local password change. Moreover, the computational intractability of the Discrete Logarithm Problem (DLP) guarantees the security of the session key. The security of the protocol is verified by the ProVerif tool. Compared with other related protocols, our protocol achieves a higher level of security at the expense of small increases in computational cost and communication cost. Therefore, it is more suitable for securing the roaming application in GLOMONET.

Vanga Odelu,Soumya Banerjee,Ashok Kumar Das,Samiran Chattopadhyay,Saru Kumari,Xiong Li,Adrijit Goswami

DOI: https://doi.org/10.1007/s11277-017-4302-4

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:In real-life applications, ensuring secure transmission of data over public network channels to prevent malicious eavesdropping of the data is an important issue. Several potential security risks arise while protecting data and providing access control over the data. Due to the broadcast nature of the wireless channels, wireless networks are often vulnerable to various possible known attacks. Therefore, designing a secure and efficient authentication scheme in the global mobility network (GLOMONET) environment becomes a challenging task to the researchers. In recent years, several user authentication schemes for roaming services in GLOMONET have been proposed. However, most of them are either vulnerable to various known attacks or they are inefficient. Most recently, Zhao et al. proposed an anonymous authentication scheme for roaming service in GLOMONET (Zhao et al. in Wireless Personal Communications 78:247–269, 2014) and they claimed that their scheme can withstand all possible known attacks. In this paper, Zhao et al.’s scheme is revisited, and it is shown that their scheme fails to provide strong user anonymity when the session-specific temporary information are revealed to an adversary. Further, their scheme does not protect replay attack, offline password guessing attack and privileged-insider attack. In addition, there is no provision for revocation and re-registration mechanism in their scheme and also there exists design flaw in their schemeu. Moreover, another recently proposed Memon et al.’s scheme (Memon et al. in Wireless Personal Communications 84:1487–1508, 2015) fails to protect the privileged-insider attack. Thus, there is a great need to provide security enhancement of their schemes in order to apply in practical applications. The proposed scheme withstands the security weaknesses found in Zhao et al.’s scheme and Memon et al.’s scheme. Through the rigorous formal and informal security analysis, it is shown that the proposed scheme has the ability to tolerate various known attacks. In addition, the proposed scheme is simulated using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications tool and the simulation results reveal that the proposed scheme is secure. The proposed scheme is also efficient in computation and communication as compared to Zhao et al.’s scheme and other related schemes.

Xiaowen Chu,Yixin Jiang,Chuang Lin,Fujun Feng

DOI: https://doi.org/10.1007/11839569_39

2006-01-01

Abstract:In this paper, based on self-certified mechanism, we propose a novel mutual authentication and key exchange protocol for roaming services in the global mobility network. The main new features included in the proposed protocol are (1) identity anonymity, which protects location privacy of mobile users in the roaming network environment; (2) one-time session key renewal, which frequently updates the session key for mobile users and hence reduces the risk of using a compromised session key to communicate with the visited network. The performance analysis shows that the computational complexity of our protocol is low and suitable to be used on mobile equipments.

Linsheng Yu,Mingxing He,Hongbin Liang,Ling Xiong,Yang Liu

DOI: https://doi.org/10.3390/s23031264

2023-01-22

Abstract:Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Muhammad Khurram Khan,Ashok Kumar Das

DOI: https://doi.org/10.1007/s12243-016-0547-2

2016-01-01

Annals of Telecommunications

Abstract:Roaming service is required in the ubiquitous access used in the global mobility networks (GLOMONETs) and the security is one of the most important issues. Many researchers focus their interests on authentication schemes for GLOMONETs. In 2015, Gope and Hwang, Zhang et al. and Farash et al. proposed their key agreement authentication schemes for GLOMONETs, respectively. However, we find weaknesses in them. Gope and Hwang’s scheme is under the off-line guessing attack and the de-synchronization attack. Moreover, it does not keep strong forward security and the session key is known by the home agent. Zhang et al.’s scheme has several weaknesses including vulnerability to the off-line guessing attack, destitution of password change phase, and the leakage of updated session key. Farash et al.’s scheme lacks user anonymity and strong forward secrecy and is vulnerable to the off-line password guessing attack. The session key is known to the home agent, too. Furthermore, neither Gope and Hwang’s scheme nor Farash et al.’s scheme has the session key update phase. To eliminate the problems, we present an improved authentication and key agreement scheme for GLOMONETs. According to the formal proof and the informal analysis, our scheme is well-performed and applicable.

Jing Zheng,Xiaoliang Wang,Qing Yang,Wenhui Xiao,Yapeng Sun,Wei Liang

DOI: https://doi.org/10.1080/09540091.2022.2032602

2022-05-12

Connection Science

Abstract:The Internet of Vehicles is deployed in an open environment, and protecting its security and data privacy is the challenge. Carrying out the Internet of Vehicles secure authentication before interaction of information is an important part of ensuring the security foundation. Therefore, this article designs a safe and reliable Internet of Vehicles authentication and key agreement schemeassisted by blockchain. This article uses a multi-TA network model to improve the efficiency of authentication. Because of the rapid movement of vehicles, it will continue to appear cross-RSU and TA certification. Considering the disadvantages of most centralised authentication protocols using a single TA, this paper uses the multi-TA model to improve the efficiency of authentication. By usingblockchain technology to store the authentication information of vehicles, the cross-domain authentication of vehicles and the protection of user privacy information can be well realised. At the same time, in order to reduce the time of vehicle authentication, this scheme uses a lightweight calculation operation to complete the whole process of authentication. Through security analysis and results of Proverif simulation, the security of the solution is well proved, our scheme can resist various common attacks. Compared with some existing Internet of Vehicles security authentication protocols, the proposed scheme has a lower cost of computation, communication, and storage.

computer science, artificial intelligence, theory & methods

Farooq Ahmed,Xudong Li,Yukun Niu,Chi Zhang,Lingbo Wei,Chengjie Gu

DOI: https://doi.org/10.1109/nana51271.2020.00042

2020-01-01

Abstract:In recent years, cross-domain roaming through Wi-Fi is ubiquitous, and the number of roaming users has increased dramatically. It is essential to authenticate users belonging to different institutes to ensure network privacy and security. Existing systems, such as eduroam, have centralized and hierarchical structure on indorse accounts that create privacy and security issues. We have proposed UniRoam, a blockchain-based cross-domain authentication scheme that provides accountability and anonymity without any trusted authority. Unlike traditional centralized approaches, UniRoam provides access authentication for its servers and users to provide anonymity and accountability without any privacy leakage issues efficiently. By using the sovrin identifier as an anonymous identity, we integrate our system with Hyperledger and Intel SGX to authenticate users that preserves both anonymity and trust when the user connects to the network. Therefore, UniRoam is highly “faulted-tolerant” to deal with different attacks and provides an effective solution that can be deployed easily in different environments.

Ding Wang,Ping Wang,Jing Liu

DOI: https://doi.org/10.1109/WCNC.2014.6953015

2014-01-01

Abstract:User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity.

Guomin Yang,Qiong Huang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1109/twc.2010.01.081219

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:A secure roaming protocol allows a roaming user.. to visit a foreign server.. and establish a session key in an authenticated way such that.. authenticates.. and at the same time convinces.. that it is a legitimate subscriber of some server H, called the home server of U. The conventional approach requires the involvement of all the three parties. In this paper, we propose a new approach which requires only two parties, U and V, to get involved. We propose two protocols: one provides better efficiency and supports user anonymity to an extent comparable to that provided by current mobile systems; and the other one achieves Strong User Anonymity that protects U's identity against both eavesdroppers and foreign servers and is currently the strongest notion of user anonymity defined for secure roaming. Both protocols are universal in the sense that the same protocol and signaling flows are used regardless of the domain ( home or foreign) that.. is visiting. This helps reducing the system complexity in practice. We also propose a practical user revocation mechanism, which is one of the most challenging problems for two-party roaming supporting Strong User Anonymity. Our solutions can be applied in various kinds of roaming networks such as Cellular Networks and interconnected Wireless Local Area Networks.