Browse > Article
http://dx.doi.org/10.3837/tiis.2016.03.018

Robust ID based mutual authentication and key agreement scheme preserving user anonymity in mobile networks  

Lu, Yanrong (Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications)
Li, Lixiang (Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications)
Peng, Haipeng (Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications)
Yang, Yixian (Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.10, no.3, 2016 , pp. 1273-1288 More about this Journal
Abstract
With the swift growth of wireless technologies, an increasing number of users rely on the mobile services which can exchange information in mobile networks. Security is of key issue when a user tries to access those services in this network environment. Many authentication schemes have been presented with the purpose of authenticating entities and wishing to communicate securely. Recently, Chou et al. and Farash-Attari presented two ID authentication schemes. They both claimed that their scheme could withstand various attacks. However, we find that the two authentication schemes are vulnerable to trace attack while having a problem of clock synchronization. Additionally, we show that Farash-Attari's scheme is still susceptible to key-compromise impersonation attack. Therefore, we present an enhanced scheme to remedy the security weaknesses which are troubled in these schemes. We also demonstrate the completeness of the enhanced scheme through the Burrow-Abadi-Needham (BAN) logic. Security analysis shows that our scheme prevents the drawbacks found in the two authentication schemes while supporting better secure attributes. In addition, our scheme owns low computation overheads compared with other related schemes. As a result, our enhanced scheme seems to be more practical and suitable for resource-constrained mobile devices in mobile networks.
Keywords
Authentication; anonymous; two-factor; client-server networks;
Citations & Related Records
연도 인용수 순위
  • Reference
1 T.H. Chen, W.B. Lee, H.B. Chen, “A round-and computation-efficient three-party authenticated key exchange protocol,” Journal of Systems and Software, vol.81, no. 9, pp. 1581-1590, 2008. Article (CrossRef Link)   DOI
2 Z.W. Tan, “An enhanced three-party authentication key exchange protocol for mobile commerce environments,” Journal of Communications, vol. 5, no. 5, pp. 436-443, 2010. Article (CrossRef Link)   DOI
3 D.B. He, Y.T. Chen, and J.H. Chen, “An ID-based three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments,” Arabian Journal for Science and Engineering, vol.38, no. 8, pp. 2055-2061, 2013. Article (CrossRef Link)   DOI
4 M. Burrow, M. Abadi, R.M. Needham, “A logic of authentication,” ACM Transactions on Computer Systems, vol. 8: 18-36, 1990. Article (CrossRef Link)   DOI
5 D. Boneh, M. Franklin, “Identity-based encryption from the Weil pairing,” SIAM Journal on Computing, vol. 32, no.3, pp. 586-615, 2003. Article (CrossRef Link)   DOI
6 K. Shim, "Cryptanalysis of two ID-based authenticated key agreement protocols from pairings," Cryptology ePrint Archive Report, 357, 2005. Article (CrossRef Link)
7 H.M. Sun, B.T. Hsieh, “Security analysis of Shim’s authenticated key agreement protocols from pairings,” Cryptology ePrint Archive Report, 113, 2003. Article (CrossRef Link)
8 M. Hölbl, T. Welzer, B. Brumen, “An improved two-party identity-based authenticated key agreement protocol using pairings,” Journal of Computer and System Sciences, vol. 78, pp. 142-150, 2012. Article (CrossRef Link)   DOI
9 X.F. Cao, W.D. Kou, Y.U. Yu, R. Sun, “Identity-based authentication key agreement protocols without bilinear pairings,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 91, no. 12 , pp. 3833-3836, 2008. Article (CrossRef Link)   DOI
10 V.S. Miller, "Use of elliptic curves in cryptography," Advances in Cryptology-Crypto'85 Proceedings, Springer Berlin, Heidelberg, 417, 1986. Article (CrossRef Link)
11 N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of computation, vol. 48, pp. 417-426, 1987. Article (CrossRef Link)   DOI
12 J.H. Yang, C.C. Chang, “An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem,” Computers & security, vol.28, no. 3, pp. 138-143, 2009. Article (CrossRef Link)   DOI
13 C.H. Chou, K.Y. Tsai, C.F. Lu, “Two ID-based authenticated schemes with key agreement for mobile environments,” The Journal of Supercomputing, vol.66, no.(2): 973–988, 2013. Article (CrossRef Link)   DOI
14 E.Yoon, K.Yoo, "Robust ID-based remote mutual authentication with key agreement protocol for mobile devices on ECC," in Proc. of 2009 international conference on computational science and engineering, pp. 633-640, 2009. Article (CrossRef Link)
15 S.H. Islam, G.P. Biswas, “A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem,” Journal of Systems and Software, vol.84, no.11, pp. 1892-1898, 2011. Article (CrossRef Link)   DOI
16 D.B. He, J.H. Chen, J. Hu, “An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security,” Information Fusion, vol.13, no.3, pp. 223-230, 2011. Article (CrossRef Link)   DOI
17 M.S. Farash, M.A. Attari, “A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks,” The Journal of Supercomputing, vol. 69, pp. 395-411, 2014. Article (CrossRef Link)   DOI
18 J.H. Yang, C.C. Chang, “An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments,” Journal of Systems and Software, vol. 82, no. 9, pp. 1497-1502, 2009. Article (CrossRef Link)   DOI
19 Y. Chen, S.C. Chuang, L.Y. Yeh, J.L. Huang, “A practical authentication protocol with anonymity for wireless access networks,” Wireless Communications and Mobile Computing, vol. 11, pp. 1366-1375, 2011. Article (CrossRef Link).   DOI
20 L. Lamport, “Password authentication with insecure communication,” Communications of the. ACM, vol. 24, no.11, pp. 770-772, 1981. Article (CrossRef Link).   DOI
21 R. Tso, “Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol,” The Journal of Supercomputing, vol. 66, pp. 863-874, 2013. Article (CrossRef Link).   DOI
22 Y.P. Liao, C.M. Hsiao, “A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients,” Future Generation Computer Systems, vol. 29, no. 3, pp. 886-900, 2013. Article (CrossRef Link)   DOI
23 W.B. Hsieh, J.S. Leu, “Anonymous authentication protocol based on elliptic curve Diffie–Hellman for wireless access networks,” Wireless Communications and Mobile Computing, vol. 14, no. 10, pp. 995-1006, 2014. Article (CrossRef Link)   DOI
24 H. Lu, L. Jie, “Privacy-preserving authentication schemes for vehicular ad hoc networks: a survey,” Wireless Communications and Mobile Computing, 2014. Article (CrossRef Link)
25 A. Shamir, "Identity-based cryptosystems and signature schemes," Advances in Cryptology-CRYPTO'84, Springer, New York, pp. 47-53, 1985. Article (CrossRef Link)
26 Java Pairing Based Cryptography Library (jPBC). Article (CrossRef Link)
27 K.E. Lauter, and K.E. Stange, “The elliptic curve discrete logarithm problem and equivalent hard problems for elliptic divisibility sequences,” Selected Areas in Cryptography, Springer Berlin Heidelberg, 309-327, 2009. Article (CrossRef Link)