Robust Privacy-Preserving Mutual Authenticated Key Agreement Scheme in Roaming Service for Global Mobility Networks

Abstract

Security and privacy are desired core issues to secure communication for the roaming service in global mobility network (GLOMONET). Authentication mechanism is an essential technology to establish a shared secret key between two or more participants who wish to encrypt sensitive data. How to design an ideal authenticated key agreement (AKA) that satisfies different security requirements is a very challenging task due to a handshake between participants is performed over an open channel. Multiple papers on AKA are currently available. We review a recently GLOMONET-oriented AKA released by Gope–Hwang. We point out that their scheme has various security problems. Specifically, their AKA is vulnerable to known session-specific temporary information attack. More seriously, the password renewal phase of their scheme is wrong, thus leading to the mobile user login failed and even the server rejects service. So the paper attempts to eliminate three security loopholes troubled in Gope–Hwang s scheme. Our objective is to propose an elliptic curve cryptography (ECC) based AKA to achieve secure implementation in GLOMONET. By performing informal and formal analyses, we demonstrate that our scheme overcomes some disadvantages in Gope–Hwang s scheme while possessing more excellent security attributes.