The rapid growth of the Internet of Things (IoT) has enabled prompt services over mobile devices. The Global Mobility Network (GLOMONET) is an important global network that allows mobile users to access the Internet anywhere. Although implementing a secure mechanism in GLOMONET is a difficult and complex task due to the computational and processing limitations of most mobile devices, an authentication system is vital for secure communications among such mobile devices. In 2021, Rahmani <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed an authentication method, called the advanced mobile authentication protocol for GLOMONET (AMAPG). However, we found three serious vulnerabilities in AMAPG. First, AMAPG contains large amounts of information on the smart card of the mobile phone. Therefore, they are vulnerable to attacks that steal critical information. Second, it is susceptible to password-guessing attacks. Third, AMAPG cannot guarantee the security of future messages because attackers can steal the session key. In this study, we discuss the weaknesses of AMAPG and propose a new three-factor authentication scheme called the secure mobile authentication scheme for GLOMONET (SMASG). We performed informal and formal security analyses using ProVerif and BAN Logic on SMASG. In addition, we analyzed and compared its performance with that of the latest GLOMONET-based authentication schemes. SMASG saves an average of 93% time in user login and authentication phase.
Read full abstract