JISE


  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17]


Journal of Information Science and Engineering, Vol. 34 No. 1, pp. 155-170


Security and Efficiency Enhancement of Robust ID Based Mutual Authentication and Key Agreement Scheme Preserving User Anonymity in Mobile Networks


CHUN-TA LI1, CHENG-CHI LEE2,3 AND CHI-YAO WENG4
1Department of Information Management
Tainan University of Technology
Tainan City, 71002 Taiwan
E-mail: th0040@mail.tut.edu.tw

2Department of Library and Information Science
Fu Jen Catholic University
New Taipei City, 24205 Taiwan
E-mail: cclee@mail.fju.edu.tw

3Department of Photonics and Communication Engineering
Asia University
Taichung City, 41354 Taiwan  

4Department of Computer Science
National Pingtung University
Pingtung City, 90003 Taiwan
E-mail: cyweng@mail.nptu.edu.tw 


     With the rapid development of wireless communication technologies, mobile networks will enable users to use personal mobile devices to access various network information services at anytime and anyplace. Recently, Lu et al. proposed a dynamic ID based mutual authentication and key agreement scheme using elliptic curve cryptography (ECC) which attempts to support better security properties and resists various well- known security attacks. However, we introduce some design flaws in Lu et al.’s scheme, such as server impersonation attacks by launching stolen-verifier attacks. Besides, their authentication scheme is unable to preserver user anonymity and the performance of authentication and key agreement phase is inefficiency. As a remedy, the main contribution of this study is to design an improved and efficient ECC-based authentication scheme with privacy protection. We analyze its security and performance, proving that our improved scheme not only prevents security weaknesses on Lu et al.’s scheme, but also enhances system efficiency such that it can be implemented to more electronic applications in mobile communication networks. 


Keywords: elliptic curve cryptography, key agreement, mobile networks, mutual authentication, user anonymity

  Retrieve PDF document (JISE_201801_10.pdf)