An Improved and Robust Anonymous Authentication Scheme for Roaming in Global Mobility Networks
©2017
Textbook
62 Pages
Summary
Wireless communication systems are extensively used in the current decade. Internet based applications are accessed by mobile networks at any time and from anywhere. Nowadays, roaming in mobile communication has become extremely popular. Mobility is the function that allows a user to move around and, at the same time, stay inside the network. The Global Mobility Network (GLOMONET) plays a very important role in wireless communication. It is a commodious domain which enables a roaming user to access their home mobile services in a foreign country. While traveling, the roaming service assures that our mobile or wireless devices are connected with a network without any breakage of connection. When persons visit some other country they have to use the mobile services. In GLOMONET, the roaming user, being in a foreign country, uses the mobile services with the help of their home country network. Mobile users connect themselves to a foreign network and the foreign network verifies the legality of the mobile user through their home network and home agent.
Due to the technological improvements, many security issues have been raised up. Security is the main issue in wireless communication because anyone may intercept the communication at any time. While designing the security protocols for wireless networks, communication and computation costs are very important. The objective of this study is to propose an authentication scheme that has the ability to detect and resist all possible attacks. Formal security analysis and authenticity of proposed thesis is analyzed with BAN logic and ProVerif. Furthermore, the author checked the security of the proposed scheme informally against different attacks.
Due to the technological improvements, many security issues have been raised up. Security is the main issue in wireless communication because anyone may intercept the communication at any time. While designing the security protocols for wireless networks, communication and computation costs are very important. The objective of this study is to propose an authentication scheme that has the ability to detect and resist all possible attacks. Formal security analysis and authenticity of proposed thesis is analyzed with BAN logic and ProVerif. Furthermore, the author checked the security of the proposed scheme informally against different attacks.
Excerpt
Table Of Contents
2.4.6
Cryptanalysis of Islam et al's. scheme
. . . . . . . . . . . . . . . . .
22
2.5
Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
22
2.6
Chapter Summary
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
23
3 Proposed Scheme
24
3.1
Initialization Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
24
3.2
Registration Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
25
3.3
Login Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
25
3.4
Authentication Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
3.5
Password change Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
28
3.6
Chapter Summary
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
30
4 Security Analysis and Computation Cost Analysis
31
4.1
Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
31
4.1.1
Security Analysis with BAN logic . . . . . . . . . . . . . . . . . . . .
31
4.1.2
Security Analysis with ProVerif . . . . . . . . . . . . . . . . . . . . .
35
4.1.3
Informal Security Analysis . . . . . . . . . . . . . . . . . . . . . . . .
40
4.1.4
Security Requirements and Comparison . . . . . . . . . . . . . . . . .
45
4.1.5
Security Requirements . . . . . . . . . . . . . . . . . . . . . . . . . .
46
4.2
Computation Cost Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . .
46
4.3
Chapter Summary
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
49
5 Conclusion and Future work
50
iv
List of Figures
1.1
Global Mobility Networks Authentication . . . . . . . . . . . . . . . . . . . .
4
2.1
Karuppiah-Saravanan's Scheme . . . . . . . . . . . . . . . . . . . . . . . . .
12
2.2
Gope-Hwang's proposed scheme . . . . . . . . . . . . . . . . . . . . . . . . .
17
2.3
Islam et al. scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
21
3.1
Proposed Registration phase
. . . . . . . . . . . . . . . . . . . . . . . . . .
25
3.2
Proposed Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
29
v
List of Tables
2.1
Notation Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8
4.1
Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
32
4.2
Security requirements table
. . . . . . . . . . . . . . . . . . . . . . . . . . .
47
4.3
Comparison of computation cost and running time . . . . . . . . . . . . . . .
48
vi
Chapter 1
Introduction
The wireless communications are extensively used in current decade, the internet based
applications are accessed by mobile networks at anytime and from anywhere. Nowadays,
roaming in mobile communication become extremely famous.
Mobility is function that allows a user to move around and inside the network, the network
that enables the mobility services to the user is called mobility network and the use of
mobility services around the glob is called global mobility networks(GLOMENT). Global
Mobility Networks(GLOMONET) plays very important role in wireless communication, it is
a commodious domain which enables a roaming user to access their home mobile services in a
foreign country. Due to the technological improvements many security issues have been raised
up. The security is main issue in wireless communication because, anyone may intercept
the communication anytime. While designing the security protocols for wireless network,
communication and computation cost is very important. While traveling the roaming service
assures that our mobile or wireless devices are connected with a network without any breakage
of connection. When a person visits some other country he/she has to use the mobile services.
In GLMONET the roamer user at foreign country use the mobile services with the help of
their home country network. Mobile User connects themselves to foreign network and Foreign
network verifies the legality of mobile user through their home network and Home Agent.
2
1.1
Authentication in GLOMONET
Authentication is a process that verifies whether someone is in fact who or what it claims
to be. There are three types of authentication 1) Single factor-authentication(password
based-authentication) 2) Two factor-authentication(smart-card based-authentication) 3)
Three/multi-factor authentication in which human body involves(like biometric based-
authentication). Authentication of a user is very important in mobility networks. When
a mobile user roams in foreign country the authentication ensures that mobile user is a
legal user. The valid authentication is required against illegal usage. Many authentication
schemes have been proposed for the prevention of illegal usage of mobility services [1-19],
Still the schemes are vulnerable under many attacks. Mutual authenticity is a real issue
for mobility networks, some schemes [1-3] tried to solve the mutual authentication problem
but with respect to time many problems are notified in existing scheme. For the security
of Global Mobility Networks some features of security protocol are concerned carefully like:
1) The scheme provide the user friendliness 2) schem provide user anonymity 3) Enable
a user to change/update the password anytime 4) scheme does not reveal the location of
the user 5) scheme provides forward and backward secrecy 6) prevention of insider attacks
7) Combat against Password guessing attack 8) Capability to withstand replay attacks 9)
Capability to withstand the forgery and impersonation attack 10) Capability to achieve
the mutual authentication 11) Capability to withstand the man-in-middle attack. Different
authentication schemes are proposed to achieve the above listed requirements in the past,
some are discussed in below in related works. In this thesis we review some recent schemes
like Karuppiah-Saravanan's scheme, Gope-Hwang scheme and Islam et al's and found that
these recent schemes are vulnerable to numerous attacks, So this thesis provides a secure
authentication scheme for GLOMONET to overcome all security flaws.
1.2
Preliminaries
This section describes the basic background of hash function and ECC.
1.2.1
Hash Function
A function that takes arbitrary sized data as input and converts it to fixed size of data
H :
{0, 1}
Z
p
. The output value is called hash value. Hash function can be defined in
following properties:
3
Figure 1.1: Global Mobility Networks Authentication
· Suppose, on any given input value b, the H(b) can be easily computed.
· According to preimage resistance property, on a given value H(b) it's infeasible to
compute the value of b.
1.2.2
Elliptic Curve Cryptography(ECC)
A public-key Cryptography that has small key size but provides equivalent security as
compared to non-ECC. y
2
= x
3
+ ax + bmodp where a,b belong to finite fields and (4a
3
+
27b
2
0) the ECC allows scalar point addition P+Q=R and equation can be computed as
(x
p
, y
p
) + (x
q
, y
q
) = (x
r
, y
r
) where x
r
= (
2
- x
p
- x
q
), y
r
= (x
p
- x
r
)
- y
p
and =
y
q
,y
q
x
q
-x
p
and point multiplication is defined as nP = P + P + ..., +P with equation =
3x
2
p
+a
x
q
-x
p
. It can
be used with Diffie-hellman for key key exchange also with DSA, ECIES and etc.
1.3
Objectives
Objective of this thesis is to propose an authentication scheme that has ability to detect and
resist all possible attacks. Formal security analysis and authenticity of proposed thesis is
analyzed with BAN logic and ProVerif. Furthermore, we checked the security of proposed
4
scheme informally, against different attacks. Additionally, the scheme offers:
1. Computational efficiency.
2. Communication efficiency.
3. Low latency an delay.
1.4
Thesis outline
Further organization of thesis is as follows:
· Chapter 2, provides the literature survey of previous work, detailed review and crypt-
analysis of Karuppiah and Saravanan's scheme, Gope-Hwang's scheme and Islam et al.'s
scheme. At the end of chapter 2 we have provided the problem statement of our thesis.
· Chapter 3, provides the proposed solution and their four phases(initialization, registra-
tion, login-authentication and password change phase).
· Chapter 4, provides the security analysis, this chapter provides the formal analysis
with BAN logic and ProVerif(automated tool) and informal analysis against different
security requirements. Furthermore this chapter also provides the performance analysis,
we have analyzed the computation cost, running time and its comparison with previous
work.
· Finally, we made a conclusion in chapter 5.
5
Chapter 2
Literature Review
2.1
Literature Survey
Zhu-Ma [1] proposed an authentication scheme. Basic purpose of the scheme is to build
a model that provides the mutual authenticity, mutual secret key arrangement, user may
authenticate the key implicitly.The proposed scheme uses asymmetric cryptosystem whereas
the mobile user does symmetric cryptosystem for encryption and decryption. Lee et at.
notified that scheme [1] is incompetent to provide the mutual authentication, likewise forgery
attacks and backward secrecy are also possible in existing Zhu and Ma's scheme. Lee et al.[2]
proposed a simple and an improved authentication scheme for wireless environment that
endured the security weaknesses of scheme [1] efficiently.
In [3] Wei et al. also shown that Zhu-Ma's scheme is unable to provide the user anonymity
and they pointed out that the scheme is not secure when any relative information leaks. They
proposed an improved scheme that covers the authentication and anonymity weaknesses of
previous scheme. Wu et al. [4] reviewed Lee et al's scheme and pointed out that scheme [2]
failed to provide the anonymity and backward secrecy, and there are possibilities of off-line
attack. Therefor they proposed a smile and efficient scheme that handles the user anonymity,
secrecy and off-line attacks. Since, Lee et al.[5] introduced an enhance scheme for privacy
protection and the prevention of unauthorized access to the network. Xu-Feng [6] proposed
a protocol that handles the security flaws and user anonymity for wireless communication,
environment. He et al.[7] shown that Wu et al's scheme failed to provide the anonymity and
some attacks like replay and impersonation attacks are possible so, He et al. proposed a
new authentication scheme for user which is a strong and lightweight authentication scheme.
They introduced a new feature if the smart card reveals any information and password do not
6
disclose the password the attacker cannot breach the security requirements. Xie et al. also
proposed new authentication scheme that contest different properties like user shares session
key fairly, user anonymity, user untraceablity, two-factor authentication and the scheme works
efficiency as compared to previous schemes. Xu et al. proposed a generic authentication
scheme for mobile users that removes the synchronization between home agents and mobile
user, the proposed scheme does not require any encryption/decryption or signature operation
and author claimed that this scheme is more efficient in communication and computation
cost than other similar schemes. Li-Lee [8] reviewed the He et al's scheme and found that
scheme may not achieve the anonymity of user and key exchange procedure is not fair so Li et
al. proposed a enhanced scheme based on He et al's scheme that fulfills the user anonymity
and key exchange agreement, but [9] authors signified that Li et al's scheme is ineffective
because of computational cost due to Diffie Hellman, also the scheme [9] does not enable the
updation of session key. Das [10] also showed that Li et al's scheme is vulnerable, replay
attack is possible. In [11] a new enhanced scheme is introduced that covers the weaknesses
of previous work. [11] proposed a scheme that is based on some advantages like: User may
choose the the password freely, User anonymity is ensured in this scheme, this ensures the
mutual authentication and provides session key agreement securely.
Niu and Li.[12] authors demonstrated that Yoon et al's scheme does not achieve the user
anonymity and inequity in key management. they introduced novel authentication scheme
that achieves user anonymity, eavesdrop attack is impossible and key distribution agreement
is fair in proposed scheme. [13] also found that [12] is insure against insider attack, key
distribution in not fair and cannot provide the user anonymity, Li proposed a secure scheme
by using ECC and Diffie Hellman which showed lightweight efficiency as compared to previous
scheme. Jiang et al.[14] identified He et al's scheme cannot obtain two-factor authentication
security, possibilities of insider and replay attack and user cannot change the password. The
proposed scheme of Jiang et al. enhances the authentication with privacy preservation. They
claimed that their enhanced scheme obtains fully two-factor authentication security with less
computation and communication cost. [15] authors found Jiang et al. scheme is vulnerable
against replay attack and verifier attack, Then they proposed a new scheme that in which
user does not share their secret key. They claimed that their scheme provides best security
requirements as compared to previous scheme. Farash et al. [16] proposed a lightweight
scheme for key authentication in global mobile networks.
Karuppiah-Saravanan [17] found Rhee et al's scheme failed to achieve the user anonymity,
absence of user friendliness, and scheme is vulnerable to reply attack, they proposed a new
secure authentication scheme and claimed that the scheme is fully secure. Gope-Hwang
[18] notified Qi et al. scheme does not fulfill some security requirements with unfair key
7
Table 2.1: Notation Guide
Notations
Description
M b
u
Mobile user
HA
Home agent
F A
Foreign agent
P W
mbu
password of mobile user
T S
A
Timestamps generated by entity A
SID
Shadow Identity
SC
Smart Card
P K
Public key home agent
s
Secret key of home agent.
SK
Session key betweenM b
u
, F A and HA
HF
k
Pre-shared key between home and foreign agent
r, b
Random numbers of M b
u
r
fa
Random numbers of F A
m, c, e
Random numbers of HA
T S
Expected time interval for transmission delay
ID
mbu
Identity of mobile user
ID
F A
Identity of foreign agent
ID
HA
Identity of home agents
p, q, n
p and q are prime number and n=p.q
The XOR operation
h(.)
one way hash function
||
The concatenation operation
P K
=sP
P
Point over ECC
R
T
Registration time
distribution whereas we notifed that Gope and Hwang scheme suffers with many problems
. Islam et al. [19] proposed a new scheme by using Chaotic Maps. In this thesis we have
shown that Karuppiah-Saravanan, Gope-Hwang and Islam et al.'s scheme suffer with many
security problems. We have provided the detailed review and cryptanalysis of scheme [17],
scheme [18] and scheme [19] as in following sections:
2.2
Karuppiah-Saravanan's scheme review
Scheme[17] consists of four phases: initialization phase, registration phase, login and authen-
tication phase, password change phase.
8
2.2.1
Initialization phase
In initialization phase the home agent takes two prime number p, q and calculates the public
key P K
A
where P K
A
= g
s
modn and n gcd and secret key and keeps the (s, p, q) secretly.
2.2.2
Registration Phase
Step 1: The Mobile user M b
u
chooses his identity ID
mbu
,password P W
mbu
and a random
number R, random number R is used for the protection of P W
mbu
.Then M b
u
sends
the registration request message M =
{ID
mbu
, (R
P W
mbu
)
} to the Home Agent HA
to server through a secure channel.
Step 2: While receiving the message M the HA calculates the C
i
= h(h(ID
mbu
)
h(R
P W
mbu
))mod n, K
mbu
= h(h(ID
mbu
)
||(ID
HA
||(a||T S
RE
)
h(R P W
mbu
)) Where, T
RE
is registration time and a is random number chosen by HA and for every user the K
mbu
must be unique. The HA produces an entry in his database for the Mobile user and
stores (ID
mbu
, r
ha
, T S
RE
) in encrypted form in his entry. After that the HA customizes
the smart card with (C
i
, g, P K
A
, n, ID
H
, M b
u
, r
ha
, h(.)) and provides it to Mobile user
M b
u
.
Step 3: When Mobile user M b
u
receives his/her smart card He/she puts random number
R
into his/her smart card. Ultimately, smart card holds
{C
i
, g, P K
A
, n, ID
H
, K
mbu
, R, h(.)
}.
2.2.3
Login-Authentication Phase
Suppose mobile user M b
u
is in foreign region under the administration of F A. Now the
F A authenticates the M b
u
by the help of Home agent. Authentication phase involves the
following step as shown in Figure ??
Step 1: M b
u
F A : M1 = {A
1
, SID, U
1
, ID
H
A, T S
mbu
}
The Mobile User M b
u
puts his card into card reader by using identity and pass-
word, then the smart card calculates C
i
= h(h(ID
mbu
)
h(R P W
mbu
)) mod n
and checks c
i
= c
i
if yes then legality holds otherwise session is terminated. The
Smart card chooses a random number m and calculates A
1
= g
m
mod n, A
2
=
(P K
A
)
m
mod n, SID = (ID
mbu
||A
1
)
A
2
)
h(A
1
A
2
), K= K
mbu
h(R P W
mbu
),
K=h(ID
mbu
||ID
H
||X
mbu
||T S
R
), U
1
= h(K
||A
2
||SID||T S
mbu
) Where, T S
mbu
is time
9
stamp of mobile user. Ultimately a login request is sent by Mobile user to foreign agent
by a message M1=(A
1
, SID, U
1
, ID
HA
, T S
m
).
Step 2: F A
HA : M2 = {W
i
, ID
F A
, r
fa
, T S
F A
, A
1
, SID, U
1
, T S
mbu
}
After receiving the message M1 foreign agent F A checks the time freshness comparison
T S
F
-T S
m
T S
1
if the comparison fails, F A does not accept the login request other-
wise Foreign Agent choses a random r
fa
and calculates W
i
= h(K
HF A
||ID
F A
||r
fa
||T S
F A
||A
1
||U
1
||SID) By using the secret key K
HF A
that is pre-shared, foreign agent F A
sends the M2 to Home agent HA, M2=
{K
HF A
||ID
F A
||r
fa
||A
1
||U
1
||SID} Where, M2
is the message.
Step 3: F A
HA : M3 = {K1, U
2
, S
1
, T S
HA
}
When HA receives the message M2, the Home agent HA confirms the whether T S
HA
-
T S
F A
T S
2
if the verification fails, the Home agent does not accept the message
M2. When HA obtains the shared key between home agent and foreign agent K
HF A
then he calculates W
i
= (K
HF A
||ID
F A
||r
fa
T S
F A
||A
1
||U
1
||SID). Now HA checks if
W
i
= W
i
then it is ensured that foreign agent is legal. If equality does not hold
then session is terminated by HA and computes the A
2
= (A
1
)
s
modn = (P K
A
)
m
mod n, SID
h(A
1
A
2
) = (ID
mbu
||A
1
)
A
2
. The Home agent uses A
2
to reveal
the mobile user identity and for decryption of (ID
mbu
||A
1
)
A
2
the home agent also
computes the K
and U
1
then compares U
1
= U
1
if comparison is true, authentication
is verified otherwise Home agent terminates the session and computes the session
key SK = h(h(ID
mbu
||K
)ID
F A
||r
fa
||ID
mbu
||A
1
), K1 = SK
(ID
F A
||r
fa
), U
2
=
h(h(ID
mbu
||K
)ID
F A
||r
fa
||ID
mbu
), S
1
= h(SK
||ID
F A
||r
fa
||A
1
) The Home agent sends
M 3 =
{K1, U
2
, S
1
, T S
HA
} to Foreign agent FA.
Step 4: F A
Mb
u
: M 4 =
{U
2
, r
fa
, T S
F A
}
When F A receives the M 3, he compares the time stamp difference T S
F
-T S
H
T S
2
if comparison fails then F A does not accept the message otherwise the Foreign agent F A
computes the SK(session key between home agent and foreign agent) and S
1 and checks
if S
1
= S
1
Then the legality of home user exists and Home user transmit the message
M 4 =
{U
2
, r
fa
, T S
F A
} to Mobile user Mb
u
. Mobile user receives the message M 4 and
compares the time stamp difference(current time stamp M b
u
)T S
mbu
-T S
F A
(Time stamp
of foreign Agent F A)
T S
1
(Legal time interval). In case of failure in comparison,
M4 is rejected by mobile user M b
u
. For the sake verification the mobile user M b
u
computes U
2
where, U
2
= h(h(ID
mbu
||K)||ID
F A
||r
fa
||ID
mbu
). Then M b
u
verifies
whether U
2
? = U
2
. If yes then legality between F A and HA is ensured by the M b
u
and
both agreed on computation of session key SK =h(h(ID
mbu
||K)||ID
F A
||r
fa
ID
mbu
||A
1
).
10
Details
- Pages
- Type of Edition
- Erstausgabe
- Year
- 2017
- ISBN (PDF)
- 9783960676478
- ISBN (Softcover)
- 9783960671473
- File size
- 466 KB
- Language
- English
- Institution / College
- International Islamic University – Department of Computer Science & Software Engineering
- Publication date
- 2017 (April)
- Grade
- 4
- Keywords
- GLOMONET Elliptic Curve Cryptography Wireless communication Authentication protocol Internet security Key agreement protocol Security analysis Hacking Hacker Computational efficiency Communication efficiency
