当前位置: X-MOL 学术Peer-to-Peer Netw. Appl. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
A Robust user authentication protocol with privacy-preserving for roaming service in mobility environments
Peer-to-Peer Networking and Applications ( IF 3.3 ) Pub Date : 2020-06-28 , DOI: 10.1007/s12083-020-00929-y
R. Shashidhara , Sriramulu Bojjagani , Anup Kumar Maurya , Saru Kumari , Hu Xiong

The authentication system plays a crucial role in the context of GLObal MObility NETwork (GLOMONET) where Mobile User (MU) often need to seamless and secure roaming service over multiple Foreign Agents (FA). However, designing a robust and anonymous authentication protocol along with a user privacy is essential and challenging task. Due to the resource constrained property of mobile terminals, the broadcast nature of a wireless channel, mobility environments are frequently exposed to several attacks. Many researchers focus their interests on designing an efficient and secure mobile user authentication protocol for mobility networks. Very recently (in 2018), Xu et al presented the novel anonymous authentication system for roaming in GLOMONET, and insisted that their protocol is more secure than existing authentication protocols. The security strength of Xu et al.’s authentication protocol is analysed and identified that the protocol is vulnerable to stolen verifier attack, privileged insider attack, impersonation attack and denial of service attack. In-fact, the protocol suffers from clock synchronization problem and cannot afford local password-verification to detect wrong passwords quickly. As a remedy, we proposed an efficient and robust anonymous authentication protocol for mobility networks. The proposed mobile user authentication protocol achieves the provable security and has the ability to resist against numerous network attacks. Besides, the correctness of the novel authentication protocol is validated using formal security tool called AVISPA (Automated Validation of Internet Security Protocols & Applications). Finally, the performance analysis and simulation results reveals that the proposed authentication protocol is computationally efficient and practically implementable in resource limited mobility environments.



中文翻译:

鲁棒的用户身份验证协议,具有隐私保护功能,可用于移动环境中的漫游服务

身份验证系统在全球移动网络(GLOMONET)的环境中起着至关重要的作用,在这种情况下,移动用户(MU)通常需要在多个外部代理(FA)上提供无缝和安全的漫游服务。但是,设计健壮且匿名的身份验证协议以及用户隐私是必不可少且具有挑战性的任务。由于移动终端的资源受限特性,无线信道的广播特性,移动性环境经常受到多种攻击。许多研究人员的兴趣集中在为移动网络设计一种高效且安全的移动用户身份验证协议上。最近(在2018年),Xu等人提出了一种新颖的用于在GLOMONET中漫游的匿名身份验证系统,并坚持认为它们的协议比现有的身份验证协议更安全。经过分析,确定了Xu等人的身份验证协议的安全强度,该协议容易受到窃取的验证者攻击,特权内部人员攻击,模拟攻击和拒绝服务攻击。实际上,该协议存在时钟同步问题,无法承受本地密码验证来快速检测到错误的密码。作为一种补救措施,我们提出了一种针对移动网络的有效且健壮的匿名身份验证协议。所提出的移动用户认证协议实现了可证明的安全性,并具有抵抗众多网络攻击的能力。此外,新颖的身份验证协议的正确性使用称为AVISPA(Internet安全协议和应用程序的自动验证)的正式安全工具进行验证。最后,

更新日期:2020-06-28
down
wechat
bug