Title :
Improved privacy-preserving authentication scheme for roaming service in mobile networks
Author :
Ding Wang ; Ping Wang ; Jing Liu
Author_Institution :
Sch. of Electron. Eng. & Comput. Sci., Peking Univ., Beijing, China
Abstract :
User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity.
Keywords :
cryptography; message authentication; mobile radio; telecommunication security; improved privacy-preserving two-factor authentication scheme; mobile networks; mobile users; nontamper-resistant assumption; offline password guessing attacks; roaming service; security mechanism; security-related issues; smart cards; symmetric-key techniques; user anonymity; user authentication; Authentication; Mobile communication; Mobile computing; Protocols; Roaming; Smart cards; Mobile networks; Password authentication; Roaming service; Smart card; User anonymity;
Conference_Titel :
Wireless Communications and Networking Conference (WCNC), 2014 IEEE
Conference_Location :
Istanbul
DOI :
10.1109/WCNC.2014.6953015
