Open Access
A practical anonymous authentication protocol for wireless roaming
Author(s) - Xie Qi, Tan Xiao, Wong Duncan S., Wang Guilin, Bao Mengjie, Dong Na
Publication year - 2014
Publication title - Security and Communication Networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.858
Subject(s) - computer science, roaming, computer security, session key, anonymity, authentication protocol, computer network, password, forward secrecy, smart card, protocol (science), authentication (law), authenticated key exchange, robustness (evolution), secrecy, key exchange, public key cryptography, encryption, medicine, alternative medicine, pathology, biochemistry, chemistry, gene
ABSTRACT Recently, Chen et al. proposed a practical authentication protocol for supporting anonymous roaming in wireless access networks; the protocol was then further improved by Hsieh and Leu. In this paper, we demonstrate the adversarial model of this type of protocol and show that the Hsieh‐Leu scheme is not as secure as originally claimed. In particular, we show that their protocol does not provide user privacy protection, and it is vulnerable to an off‐line password guessing attack mounted by a side channel adversary who has compromised all the information stored in the user's smart card. To fix these weaknesses, a new practical authentication protocol with anonymity for wireless roaming is proposed. We use the formal verification tool ProVerif, which is based on applied pi calculus, to prove the security of the proposed scheme. The experimental results confirm that the new scheme not only achieves many desirable properties, such as strong anonymity, perfect forward secrecy and support of session key update, but also provides robustness against all those attacks that the Hsieh–Leu protocol does not resist. Copyright © 2013 John Wiley & Sons, Ltd.