Abstract
In today’s society, Global Mobile Networks (GLOMONETs) have become an important network infrastructure that provides seamless roaming service for mobile users when they leave their home network. Authentication is an essential mechanism for secure communication among the mobile user, home network, and foreign network in GLOMONET. Recently, Madhusudhan and Shashidhara presented a lightweight authentication protocol for roaming application in GLOMONET. However, we found their protocol not only has design flaws, but is also vulnerable to many attacks. To address these weaknesses, this paper proposes a novel authentication protocol with strong security for GLOMONET based on previous work. The fuzzy verifier technique makes the protocol free from smart card breach attack, while achieving the feature of local password change. Moreover, the computational intractability of the Discrete Logarithm Problem (DLP) guarantees the security of the session key. The security of the protocol is verified by the ProVerif tool. Compared with other related protocols, our protocol achieves a higher level of security at the expense of small increases in computational cost and communication cost. Therefore, it is more suitable for securing the roaming application in GLOMONET.
Highlights
The network enriches the way people access information, and technologies such as wireless sensor networks (WSN) [1,2,3,4], multi-hop wireless networks [5,6], and the Internet of Things (IoT) [7,8,9]have greatly advanced the intelligence level of peoples’ lives
This paper focused on the user authentication mechanism in GLOMONET
Some design and security weaknesses of the user authentication protocol in [32] were pointed out. Their protocol had a fatal flaw that some important information of the mobile user was transmitted via the public channel in plaintext, and it can be obtained by an adversary
Summary
The network enriches the way people access information, and technologies such as wireless sensor networks (WSN) [1,2,3,4], multi-hop wireless networks [5,6], and the Internet of Things (IoT) [7,8,9]. In 2015, Marimuthu and Saravanan [30] designed an authentication for GLOMONET based on the Discrete Logarithm Protocol (DLP) and DHP Their protocol lacked the session key update function and could not achieve perfect forward secrecy [31]. Madhusudhan and Shashidhara [32] pointed out some other defects of the scheme in [30], such as stolen verifier attack, impersonation attack, and insider attack They proposed an improved authentication protocol for GLOMONET [32], which they claimed was secure and lightweight. Their protocol had a fatal flaw in the design, i.e., some information that should be kept secret was transmitted by plaintext Their protocol lacked proper bidirectional authentication, and suffered from stolen verifier attack, mobile device breach attack, session key compromise attack, and user impersonation attack. Points out their design and security flaws; our protocol, the corresponding formal proof, and the formal verification by ProVerif are presented in Sections 3– 5, respectively; Section 6 discusses the security properties and compares it with other related protocols; Section 7 summarizes the full paper
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have