CPAL: A Conditional Privacy-Preserving Authentication With Access Linkability for Roaming Service

The roaming service enables mobile subscribers to access the internet service anytime and anywhere, which can fulfill the requirement of ubiquitous access for the emerging paradigm of networking, e.g., the Internet of Things (IoT). In this paper, we propose a conditional privacy-preserving authentication with access linkability (CPAL) for roaming service, to provide universal secure roaming service and multilevel privacy preservation. CPAL provides an anonymous user linking function by utilizing a novel group signature technique, which can not only efficiently hide users´ identities but also enables the authorized entities to link all the access information of the same user without knowing the user´s real identity. Specifically, by using the master linking key possessed by the trust linking server, the authorized foreign network operators or service providers can link the access information from the user to improve its service, while preserving user anonymity, e.g., using individual access information to analyze user preferences without revealing user´s identity. Furthermore, the subscribers can also use this functionality to anonymously query their usage of service. In addition, CPAL has an efficient revocation function, which revokes a group of users at the same time. Through extensive analysis, we demonstrate that CPAL resists various security threats and provides more flexible privacy preservation compared to the existing schemes. Meanwhile, performance evaluations demonstrate its efficiency in terms of communication and computation overhead.