Efficient and Anonymous Mobile User Authentication Protocol
Efficient and Anonymous Mobile User Authentication Protocol Using Self-certified Public Key Cryptography for Multi-server Architectures
[pdf-embedder url=”http://wellapets.com/wp-content/uploads/2019/06/Efficient-and-Anonymous-Mobile-User.pdf” title=”Efficient and Anonymous Mobile User”]
Abstract—Rapid advances in wireless communication technologies have paved the way for a wide range of mobile devices to become
increasingly ubiquitous and popular. Mobile devices enable anytime, anywhere access to the Internet. The fast growth of many types of
mobile services used by various users has made the traditional single-server architecture inefficient in terms of its functional
requirements. To ensure the availability of various mobile services, there is a need to deploy multi-server architectures. To ensure the
security of various mobile services applications, the Anonymous Mobile User Authentication (AMUA) protocol without online
registration using the Self-Certified Public Key Cryptography (SCPKC) for multi-server architectures was proposed in the past.
However, most of past AMUA solutions suffer from malicious attacks or have unacceptable computation and communication costs. To
address these drawbacks, we propose a new AMUA protocol that uses the SCPKC for multi-server architectures. In contrast to existing
AMUA protocols, our proposed AMUA protocol incurs lower computation and communication costs. By comparing with two of the latest
AMUA protocols, the computation and the communication costs of our protocol are at least 74.93% and 37.43% lower than them
respectively. Moreover, the security analysis of our AMUA protocol demonstrates that it satisfies the security requirements in practical
applications and is provably secure in the novel security model. By maintaining security at various levels, our AMUA protocol is more
practical for various mobile applications.
Index Terms—Authentication, bilinear pairing, mobile, multi-server architecture, security.
THE significant improvements in software, hardware,
and wireless communication technologies have led to
the emergence of a wide range of mobile devices such as
PDAs, smart phones, and notebooks. These devices have
become an integral part of our daily life today. According
to the recent survey , the number of Americans owning
a smart phone has increased from 35% at the end of 2011
to about 64% by the end of 2014. Wireless communication technologies along with powerful mobile devices have led
to the emergence and proliferation of many different types
of mobile services such as mobile banking, mobile online
shopping, mobile online game, and mobile pay-TV which
can be accessed from anywhere at anytime. This technological
revolution in mobile computing and devices brings a lot
of convenience to end-users.
The traditional single-server architecture for the mobile
service system consists of a server and many mobile users.
By using wireless communication technologies, the mobile
user can remotely access the mobile services provided by the
server. But, the computation, communication and storage
capabilities of the server are limited. With an increase in
the number of users and the emergence of different types
of mobile devices, the traditional architecture with only one
server may become a performance bottleneck for various
mobile services . To address this drawback, a multi-server
architecture was proposed for mobile service systems. In
a multi-server architecture, many servers provide various
types of mobile services so that users can access these
services from anywhere over different types of wireless
networks. A typical multi-server architecture for the mobile
service system is shown in Fig. 1.
Due to the openness of wireless networks, the adversary
can easily control the communication channel and carries
out many kinds of attacks. For example, the adversary can
intercept, modify, replay and delay messages transmitted in
the systems . To prevent the adversary from accessing
the mobile service, we need an efficient security protocol to provide secure communications in wireless networks.
The Anonymous Mobile User Authentication (AMUA)
protocol is a significant security protocol which can provide
confirmation for the other party’s identity and preserve
the users’ privacy. When the AMUA protocol is executed,
it generates a session key for encryption to preserve the
integrity of future messages transmitted in the system. Since
Lamport’s work about the user authentication protocol ,
many AMUA protocols for single-server architectures have
been introduced for different types of environments [5-10].
However, they are not applied in multi-server architectures
because the user needs to register and store private keys
generated by these servers individually. To reduce the user’s
burden and guarantee secure communications, it is urgent
to construct AMUA protocols for multi-server architecture.
According to recent surveys [11-20], some AMUA protocols
for multi-server architectures were presented in
the last decade. Based on the cryptographic algorithm
used, these protocols are divided into the private key
cryptography-based AMUA protocols [11-25] and the public
key cryptography-based AMUA protocols [26-30]. However,
it has been found that the private key cryptographybased
AMUA protocols have better performance. However,
they cannot provide important security attributes such as
perfect forward secrecy and two-factor security, which imply
the protocol is still secure when one and only one of
two facts (password and smart card) is lost. Hence, public
key cryptography-based AMUA protocols for multi-server
architectures have become more popular. Many public key
cryptography-based AMUA protocols [26-33] have been
proposed for different applications. However, they need
the on-line registration center’s help to achieve mutual
Recently, several AMUA protocols [34-37], using the
Self-Certified Public Key Cryptography (SCPKC), were proposed.
Compared with previous public key cryptographybased
AMUA protocols [26-33], they need no on-line registration
center to achieve mutual authentication and have
lower communication cost. Due to this advantage such
AMUA protocols have become more popular among researchers
and designers as they can be applied to a wide
range of applications.We summarize below some of the major
drawbacks and limitations of recently proposed AMUA
protocols that use the SCPKC:
The computation cost associated with these protocols
is not acceptable for most practical applications:
It is well known that mobile devices are resourceconstrained
in terms of storage and computation capabilities.
However, the mobile device in these protocols has
to execute the bilinear paring operation and the map-topoint
hash operation which are two of the most complex
operations in modern public key cryptography.
The security analyses of these protocols are weak:
Most of the authors of previously proposed protocols
presented only a preliminary analysis of the protocols but
they did not present any evaluation with any provable
security model. Hence, these protocols can have various
vulnerability issues leading to a number of serious attacks.
Important functions or security attributes are not
supported by these protocols:
Several important functions such as key establishment
and user anonymity, and security attributes such as twofactor
security and no verifier table are not considered in
the design of these protocols. These limited functionalities
prevent their deployment in various real-time applications.
It remains a significant challenge to construct an AMUA
protocol with better efficiency and security for multi-server
architectures to protect the authorized users’ rights for various
practical mobile applications.