A privacy preserving authentication scheme for roaming in IoT-based wireless mobile networks


Creative Commons License

Alzahrani B. A., Chaudhry S. A., Barnawi A., Al-Barakati A., Alsharif M. H.

Symmetry, vol.12, no.2, 2020 (SCI-Expanded) identifier

  • Publication Type: Article / Article
  • Volume: 12 Issue: 2
  • Publication Date: 2020
  • Doi Number: 10.3390/sym12020287
  • Journal Name: Symmetry
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, Aerospace Database, Communication Abstracts, INSPEC, Metadex, zbMATH, Directory of Open Access Journals, Civil Engineering Abstracts
  • Keywords: Anonymity, Authentication, Elliptic curve cryptography, Internet of things, Mobile networks, ProVerif, Roaming user
  • Istanbul Gelisim University Affiliated: Yes

Abstract

© 2020 by the authors.The roaming service enables a remote user to get desired services, while roaming in a foreign network through the help of his home network. The authentication is a pre-requisite for secure communication between a foreign network and the roaming user, which enables the user to share a secret key with foreign network for subsequent private communication of data. Sharing a secret key is a tedious task due to underneath open and insecure channel. Recently, a number of such schemes have been proposed to provide authentication between roaming user and the foreign networks. Very recently, Lu et al. claimed that the seminal Gopi-Hwang scheme fails to resist a session-specific temporary information leakage attack. Lu et al. then proposed an improved scheme based on Elliptic Curve Cryptography (ECC) for roaming user. However, contrary to their claim, the paper provides an in-depth cryptanalysis of Lu et al.'s scheme to show the weaknesses of their scheme against Stolen Verifier and Traceability attacks. Moreover, the analysis also affirms that the scheme of Lu et al. entails incorrect login and authentication phases and is prone to scalability issues. An improved scheme is then proposed. The scheme not only overcomes the weaknesses Lu et al.'s scheme but also incurs low computation time. The security of the scheme is analyzed through formal and informal methods; moreover, the automated tool ProVerif also verifies the security features claimed by the proposed scheme.