A Secure and Lightweight User Authentication Scheme with Anonymity for the Global Mobility Network

Abstract

Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are more susceptible to attacks and each user has limited energy, processing and storage resources. Recently, some authentication schemes with user anonymity for the GLOMONET have been proposed. This paper shows some weaknesses in those schemes. As the main contribution of this paper, a secure and lightweight user authentication scheme with anonymity is presented. It mainly uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security. Having these features, it is more suitable for the energy-limited mobile devices. In addition, the home agent only needs to receive one message and send one message to authenticate the mobile user. Therefore, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. Besides, it is demonstrated that the proposed scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, user friendly, no password/verifier table, no synchronized time mechanisms, high efficiency in password authentication, use of one-time session key between mobile user and foreign agent, etc. Furthermore, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the adversary.