Visible to the public Improved privacy-preserving authentication scheme for roaming service in mobile networks

TitleImproved privacy-preserving authentication scheme for roaming service in mobile networks
Publication TypeConference Paper
Year of Publication2014
AuthorsDing Wang, Ping Wang, Jing Liu
Conference NameWireless Communications and Networking Conference (WCNC), 2014 IEEE
Date PublishedApril
Keywordsauthentication, cryptography, improved privacy-preserving two-factor authentication scheme, message authentication, Mobile communication, mobile computing, mobile networks, mobile radio, mobile users, nontamper-resistant assumption, offline password guessing attacks, Password authentication, Protocols, Roaming, roaming service, security mechanism, security-related issues, Smart card, smart cards, symmetric-key techniques, telecommunication security, user anonymity, user authentication

User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity.

Citation Key6953015