Improved privacy-preserving authentication scheme for roaming service in mobile networks
Title | Improved privacy-preserving authentication scheme for roaming service in mobile networks |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Ding Wang, Ping Wang, Jing Liu |
Conference Name | Wireless Communications and Networking Conference (WCNC), 2014 IEEE |
Date Published | April |
Keywords | authentication, cryptography, improved privacy-preserving two-factor authentication scheme, message authentication, Mobile communication, mobile computing, mobile networks, mobile radio, mobile users, nontamper-resistant assumption, offline password guessing attacks, Password authentication, Protocols, Roaming, roaming service, security mechanism, security-related issues, Smart card, smart cards, symmetric-key techniques, telecommunication security, user anonymity, user authentication |
Abstract | User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity. |
URL | http://ieeexplore.ieee.org/document/6953015/ |
DOI | 10.1109/WCNC.2014.6953015 |
Citation Key | 6953015 |
- Password authentication
- user authentication
- user anonymity
- telecommunication security
- symmetric-key techniques
- smart cards
- Smart card
- security-related issues
- security mechanism
- roaming service
- Roaming
- Protocols
- authentication
- offline password guessing attacks
- nontamper-resistant assumption
- mobile users
- mobile radio
- mobile networks
- mobile computing
- Mobile communication
- message authentication
- improved privacy-preserving two-factor authentication scheme
- Cryptography