Provable Security Research on User Authentication Scheme of Roaming Network

doi:10.3969/j.issn.1671-1122.2015.07.008

Abstract

Abstract:

Global mobility network (GLOMONET) is a useful network environment which allows a mobile user to access the services provided by his home network in a foreign network. In order to ensure the secure communications conducted over the GLOMONET, it is important to authenticate mobile users before providing services. Recently, due to the advantages of tamper-resistance and convenience in managing the password files, some secure authentication schemes based on smart cards are proposed. The article points out the security vulnerabilities in some schemes and proposes a modified user authentication scheme. The scheme adopts the elliptic curve encryption system and uses low-cost function such as one-way hash function and exclusive-OR operation, so it is more secure and it has smaller amounts of calculations and smaller storage spaces. It is more suitable for battery-powered mobile equipments. It only requires four information exchanges between user and two agents. It possesses important security attributes including single registration, user anonymity, and no password table. The scheme is proved that can resist various attacks such as replay attack, known-key attack, imitation attack, and inside attack.

Key words: roaming network, smart card, anonymity security

CLC Number:

TP309

Hui-zhi LI, Guang-guo HAN, Yi WANG. Provable Security Research on User Authentication Scheme of Roaming Network[J]. Netinfo Security, 2015, 15(7): 51-57.

Figures/Tables 1

References 20

[1]	ZHU J M, MA J F.A new authentication scheme with anonymity for wireless environments[J]. IEEE Transactions on Consumer Electronics, 2004, 50(1): 230-234.
[2]	Chenchi Lee, Minshiang Hwang, Ien Liao.Security enhancement on a new authentication scheme with anonymity for wireless environments[J]. IEEE Transactions on Consumer Electronics, 2006, 53(5): 1683-1687.
[3]	李顺东,王道顺. 现代密码学:理论、方法与研究前沿[M]. 北京:科学出版社,2009.
[4]	Douglas R Stinson著. 密码学原理与实践(第三版)[M].冯登国译.北京:电子工业出版社,2009.
[5]	Chiachun Wu, Weibin Lee.A secure authentication scheme with anonymity for wireless communications[J]. IEEE Communications Letters ,2008, 12(10): 722-723.
[6]	Peng Zeng, Zhenfu Cao, Kimkwang Choo.On the anonymity of some authentication schemes for wireless communications[J]. IEEE Communications Letters, 2009, 13(3): 170-171.
[7]	Jiseon Lee, Jikchang Chang, Donghoon Lee.Security flaw of authentication scheme with anonymity for wireless communications[J]. IEEE Communications Letters, 2009, 13(5): 292-293.
[8]	Darrel Hankerson,Alfred Menezes,Scott Vanstone著.椭圆曲线密码学导论[M].张焕国,等译.北京:电子工业出版社,2003.
[9]	Daojing He, Maode Ma, Yan Zhang, et al.A strong user authentication with smart cards for wireless communications[J]. Comput. Commun, 2010, 31(2): 1-8.
[10]	Teakyoung Youn, Youngho Park, Jongin Lim.Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks[J]. IEEE Communications Letters, 2009, 13(7): 471-473.
[11]	Blaze M, Ioannidis J, Keromytis AD, et al.Anonymity in wireless broadcast networks[J]. Inteernational Journal of Network Security,2009,8(1):37-51.
[12]	卢开澄,卢华明,椭圆曲线算法导引[M]. 北京:清华大学出版社,2008.
[13]	桑林琼,王玉柱,高峰. 一种基于RSA的军用智能卡双向身份认证方案设计与分析[J].后勤工程学院学报,2007,(2):30-35.
[14]	王沂,韩广国,李慧智.无线网络中可证安全的移动用户密钥交换协议[J].信息网络安全,2015.(3):54-58.
[15]	Zhou Tao, Xu Jing.Provable secure authentication protocal with anonymity for roaming service in global mobility networks[J]. Computer Networks,2011,(2):205-213.
[16]	Daojing He, Chun Chen, Sammy Chan, et al.Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks[J]. Wireless Pers Commun, 2011, 25(5): 465-467.
[17]	Minsu park, Hyunsung Kim, Sung Woon Lee. Privacy preserving biometric-based user authentication protocol using smart cards[J]. IEEE International Conference on Computational Science and Engineering, 2014, 14(3): 1541-1544.
[18]	Huixian Li, Yafang Yang, Liaojun Pang.An Efficient Authentication Protocol with user anonymity for mobile networks[J]. IEEE Wireless Communications and Networking Conference,2013,13(9): 1842-1847.
[19]	Ashok Kumar Das.A Secure User Anonymity-Preserving Three-Factor Remote User Authentication Scheme for the Telecare Medicine Information Systems[J]. Springer Science Business Media, 2015,(1):67-71.
[20]	Zezhong Zhang, Qingqing Qi, Neeraj Kumar, et al.A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography[J]. Springer Science Business Media,2014,(3):453-455.