An improved anonymous authentication scheme for roaming in ubiquitous networks

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks a...

Full description

Saved in:
Bibliographic Details
Published in:PloS one 2018-03, Vol.13 (3), p.e0193366-e0193366
Main Authors: Lee, Hakjun, Lee, Donghoon, Moon, Jongho, Jung, Jaewook, Kang, Dongwoo, Kim, Hyoungshick, Won, Dongho
Format: Article
Language:English
Subjects:
Access control
Agreements
Authentication
Authentication (Identity)
Biometrics
Communication
Computer and Information Sciences
Computer applications
Computer engineering
Computer security
Computer systems
Cost analysis
Cybersecurity
Electronic devices
Engineering and Technology
Forgery
Management
Methods
Mobile communication systems
Nondestructive testing
Passwords
Phase transitions
Physical Sciences
Preservation
Privacy
Protocol
Research and Analysis Methods
Security
Sensors
Smart cards
Social Sciences
Software
Ubiquitous computing
Wireless networks
Wireless roaming
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people's lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.'s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al's scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.
ISSN:1932-6203
1932-6203
DOI:10.1371/journal.pone.0193366