Abstract
ABSTRACTRecently, Chen et al. proposed a practical authentication protocol for supporting anonymous roaming in wireless access networks, then the protocol is further improved by Hsieh and Leu. In this paper, we demonstrate the adversarial model of this type of protocols and show that Hsieh‐Leu scheme is not as secure as they originally claimed to be. In particular, we show that their protocol does not provide user privacy protection, and it is vulnerable to off‐line password guessing attack mounted by a side channel adversary who has compromised all the information stored in the user's smart card. To fix these weaknesses, a new practical authentication protocol with anonymity for wireless roaming is proposed. We use the formal verification tool ProVerif, which is based on applied pi calculus, to prove the security of the proposed scheme. The experimental results confirm that the new scheme not only achieves many desirable properties, such as strong anonymity, perfect forward secrecy and support of session key update, but also provides robustness against all those attacks that Hsieh–Leu protocol does not resist. Copyright © 2013 John Wiley & Sons, Ltd.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
