Abstract

Mobile user authentication is crucial to ensuring the authenticity and privacy of roaming users in mobility environments. Existing communication technologies are highly vulnerable to security threats, which poses a great challenge for the wireless networks in use today. Because the wireless channel is open, these networks carry no inherent security and hence are more prone to threats. Consequently, designing a robust scheme for roaming service in the mobile environment is always challenging. Recently, Kuo et al. proposed an efficient authentication protocol for roaming and claimed that the protocol can resist several security threats in mobile networks. In this paper, we analyze the security of Kuo et al.'s authentication protocol and show that it is exposed to an insider attack, a replay attack, and a denial-of-service attack, and that it cannot provide fair key agreement, user untraceability, or local password verification. To address these security flaws, we propose a secure authentication scheme for roaming service using an elliptic curve cryptosystem. The proposed authentication protocol is specified in HLPSL and formally verified with the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to prove that the new protocol is free from known attacks. Further, we apply Burrows–Abadi–Needham logic to validate the correctness of the authentication system. The proposed protocol not only improves security but also retains low communication and computational overhead.
