The Scientific World Journal (Jan 2014)

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

  • Youngsook Lee,
  • Juryon Paik

DOI
https://doi.org/10.1155/2014/687879
Journal volume & issue
Vol. 2014

Abstract

Read online

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.