Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. (English) Zbl 1245.94102

Summary: User authentication scheme is an important issue for providing secure roaming service to users of mobile devices. In 2008, Wu, Lee and Tsaur proposed an enhanced anonymous authentication for roaming environment. In this paper, we show weaknesses of Wu-Lee-Tsaur’s schemes such as failing to achieve anonymity and perfect forward secrecy, and disclosing of legitimate user’s password. Therefore, we propose a new enhanced scheme that uses elliptic curve Diffie-Hellman (ECDH) to overcome these weaknesses and improve performance. We also demonstrate that our scheme not only overcomes these weaknesses but also provides mutual authentication and resistance to a man-in-the-middle attack. Compared with previous schemes that use public key cryptosystem with certificates, our scheme is more efficient. Moreover, our scheme does not use timestamps, so it is not required to synchronize the time.


94A62 Authentication, digital signatures and secret sharing
Full Text: DOI


[1] Lee, C.C.; Hwang, M.S.; Liao, I.E., Security enhancement on a new authentication scheme with anonymity for wireless environments, IEEE trans. ind. electron., 53, 5, 1683-1687, (2006)
[2] Wu, C.C.; Lee, W.B.; Tsaur, W.J., A secure authentication scheme with anonymity for wireless communications, IEEE commun. lett., 12, 10, 722-723, (2008)
[3] Xu, J.; Feng, D., Security flaws in authentication protocols with anonymity for wireless environments, Etri j., 31, 4, 460-462, (2009)
[4] Zhu, J.; Ma, J., A new authentication scheme with anonymity for wireless environments, IEEE trans. consum. electron., 50, 1, 230-234, (2004)
[5] Zeng, P.; Cao, Z.; Choo, K.K.R.; Wang, S., On the anonymity of some authentication schemes for wireless communications, IEEE commun. lett., 13, 3, 170-171, (2009)
[6] Hankerson, D.; Menezes, A.J.; Vanstone, S., Guide to elliptic curve cryptography, (2004), Springer-Verlag Inc. Berlin, Germany · Zbl 1059.94016
[7] NIST, FIPS PUB 180-2: Secure Hash Standard, Federal Information Processing Standards Publications, August 2002.
[8] V. Gupta, D. Stebila, S. Fung, S. Chang Shantz, N. Gura, H. Eberle, Speeding up secure web transactions using elliptic curve cryptography, in: Proc. of 11th Network and Distributed System Security Symposium, February 2004, pp. 231-239.
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. It attempts to reflect the references listed in the original paper as accurately as possible without claiming the completeness or perfect precision of the matching.