A secure authentication and key agreement scheme for roaming service with user anonymity

Abstract

SummaryNowadays, with the advancement of wireless technologies, global mobility networks offer roaming services for mobile users. Since in global mobility networks the communication channel is public, adversaries can launch different security attacks to breach the security and privacy of data and mobile users. Hence, an authentication and key agreement scheme can be used to provide secure roaming services. It is well known that the conventional authentication schemes are not suitable for global mobility networks, because the authentication server of each network has the credentials of its registered users and thus cannot verify the authenticity of the other mobile users. Hence, for providing secure roaming services, another type of authentication called roaming authentication is required. Hitherto, a large number of authentication protocols have been proposed for global mobility networks. However, most of them have been proved to be insecure against various attacks. This paper proposes a secure and efficient authentication and key agreement scheme for global mobility networks. The proposed scheme is based on the elliptic curve cryptosystem. The correctness of the proposed scheme is verified using Burrows‐Abadi‐Needham logic. In addition, the security of the proposed scheme is proved using ProVerif. Detailed analyses demonstrate that the proposed scheme not only withstands various security attacks but also improves the efficiency by reducing the computational costs.