About this Journal Submit a Manuscript Table of Contents
Journal of Applied Mathematics
Volume 2013 (2013), Article ID 302582, 12 pages
http://dx.doi.org/10.1155/2013/302582
Research Article

Secure and Efficient Anonymous Authentication Scheme in Global Mobility Networks

1ISAA Lab, Department of Information Security Engineering, Soonchunhyang University, Asan, Chungchungnam-do 336-745, Republic of Korea
2Department of Information Security Engineering, Soonchunhyang University, Asan, Chungchungnam-do 336-745, Republic of Korea

Received 28 August 2013; Accepted 16 September 2013

Academic Editor: Jongsung Kim

Copyright © 2013 Jun-Sub Kim and Jin Kwak. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

In 2012, Mun et al. pointed out that Wu et al.’s scheme failed to achieve user anonymity and perfect forward secrecy and disclosed the passwords of legitimate users. And they proposed a new enhancement for anonymous authentication scheme. However, their proposed scheme has vulnerabilities that are susceptible to replay attack and man-in-the-middle attack. It also incurs a high overhead in the database. In this paper, we examine the vulnerabilities in the existing schemes and the computational overhead incurred in the database. We then propose a secure and efficient anonymous authentication scheme for roaming service in global mobility network. Our proposed scheme is secure against various attacks, provides mutual authentication and session key establishment, and incurs less computational overhead in the database than Mun et al.'s scheme.

1. Introduction

Global mobility network (GLOMONET) provides global roaming services for mobile user between the home agent and the foreign agent. The GLOMONET must have a user authentication scheme in which the mobile user has secure access to the foreign agent. A strong user authentication scheme in GLOMONET should satisfy the following requirements: (1) user anonymity, (2) low communication cost and computation complexity, (3) single registration, (4) update session key periodically, (5) user friendly, (6) password/verifier table, (7) update password securely and freely, (8) prevention of fraud, (9) prevention of replay attack, (10) security, and (11) providing the authentication scheme when a user is located in the home network [1, 2].

Many user authentication schemes for use in GLOMONET have been proposed [118]. In 2004, Zhu and Ma [4] proposed a simple, efficient wireless authentication scheme that provides user anonymity for wireless environments. However, Lee et al. [5] subsequently pointed out that Zhu et al.’s scheme does not achieve mutual authentication and perfect backward secrecy, and therefore cannot protect against forgery attacks. They then proposed a slight modification of Zhu et al.’s scheme. Unfortunately, Wu et al. [6] demonstrated that Lee et al.’s proposed scheme still failed to provide anonymity and perfect backward secrecy. Consequently, they proposed an improvement to overcome the weakness identified in Lee et al.’s scheme. In 2009, Zeng et al. [7] showed that Wu et al.’s scheme also fails to provide anonymity. In 2012, Mun et al. [12] showed that Wu et al.’s scheme discloses the password of legitimate users and does not achieve perfect forward secrecy. They subsequently proposed a new enhancement for anonymous authentication to overcome these security weaknesses. However, their scheme is vulnerable to replay attack and man-in-the-middle attack, and incurs a high overhead in the database of the home agent.

Therefore, in this paper, we analyze the existing schemes [5, 6, 12] and show that it is vulnerable to security requirement. And we propose a secure and efficient anonymous authentication scheme that is resistant to replay attack and man-in-the-middle attack. Our proposed scheme also incurs less computational overhead in the database than Mun et al.’s scheme.

The remainder of this paper is organized as follows. In Section 2, we review the existing schemes, while in Section 3, we investigate the security vulnerabilities mentioned above. In Section 4, we present our proposed secure and efficient anonymous authentication scheme. This scheme is analyzed and compared with other schemes in Section 5. Finally, Section 6 presents our conclusions.

2. Review of the Previous Schemes

In this section, we examine variety of authentication schemes with anonymity proposed by Lee et al. [5], Wu et al. [6], and Mun et al. [12].

2.1. Lee et al.’s Scheme

Figure 1 shows the procedure of Lee et al.’s scheme. Their scheme comprises three phases: an initial phase, a first phase, and a second phase.

302582.fig.001
Figure 1: Procedure of Lee et al.’s scheme.
2.1.1. Initial Phase

When a new mobile user MU wants to register with a home agent HA, he/she performs the following steps.

Step  1. Consider .

MU sends his/her identifier to HA for registration.

Step  2. HA computes and , where is a long random number kept by HA.

Step  3. Consider .

HA delivers and a smart card containing to MU through a secure channel.

2.1.2. First Phase

In this phase, FA authenticates MU and issues a temporary certificate to MU, which will be used in the second phase when MU always communicates this FA within this area. MU performs the following steps.

Step  1. Consider .

MU computes and temporary key , and encrypts using symmetric key , where and are secret random numbers. And, MU sends , , , and to FA.

Step  2. Consider .

If timestamp is valid, FA generates a secret random number and computes signature using private key . And, sends , , , , , , and to .

Step  3. Consider .

If certificate and timestamp are valid, HA computes and , and decrypts using symmetric key . If is identical to , HA authenticates MU. And, HA encrypts using public key and computes signature using private key . HA then sends , , , , and to FA.

Step  4. Consider .

If certificate and timestamp are valid, FA issues the temporary certificate and decrypts using private key . And, FA computes and session key and encrypts using symmetric key . FA then sends to MU.

Step  5. MU computes and session key and decrypts using symmetric key . If is identical to , MU authenticates FA.

2.1.3. Second Phase

In this phase, MU visits FA at th session when he/she is always within this FA. MU performs the following steps.

Step  1. Consider .

MU encrypts using symmetric key , where , for . And, MU sends and to FA.

Step  2. If is valid, FA decrypts using symmetric key . If received if identical to obtained , FA authenticates MU.

2.2. Wu et al.’s Scheme

Figure 2 shows the first and second phase of Wu et al.’s scheme. Their scheme comprises three phases: an initial phase, a first phase, and a second phase. The initial phase is the same as the initial phase of Lee et al.’s scheme.

302582.fig.002
Figure 2: First and second phase of Wu et al.’s scheme.
2.2.1. First Phase

In this phase, FA authenticates MU and issues a temporary certificate to MU, which will be used in the second phase when MU always communicates this FA within this area. MU performs the following steps.

Step  1. Consider .

MU computes and temporary key , and encrypts using symmetric key , where and are secret random numbers. And, MU sends , , , and to FA.

Step  2. Consider .

If timestamp is valid, FA generates a secret random number and computes signature using private key . And, FA sends , , , , , , and to HA.

Step  3. Consider .

If certificate and timestamp are valid, HA computes and , and decrypts using symmetric key . If is identical to , authenticates MU. And, HA encrypts using public key and computes signature using private key . HA then sends , , , , and to FA.

Step  4. Consider .

If certificate and timestamp are valid, FA issues the temporary certificate and decrypts using private key . And, computes and session key and encrypts using symmetric key . FA then sends to MU.

Step  5. MU computes and session key and decrypts using symmetric key . If is identical to , MU authenticates FA.

2.2.2. Second Phase

In this phase, MU visits FA at session when he/she is always within this FA. MU performs the following steps.

Step  1. Consider .

MU encrypts using symmetric key , where , for . And, MU sends and to FA.

Step  2. If is valid, FA decrypts using symmetric key . If received if identical to obtained , FA authenticates MU.

2.3. Mun et al.’s Scheme

Their scheme comprises three phases: a registration phase, an authentication phase, and an update phase.

2.3.1. First Phase

Figure 3 shows the procedure of the first phase. When a new MU, wants to register with HA, he/she performs the following steps.

302582.fig.003
Figure 3: First phase of Mun et al.’s scheme.

Step  1. Consider .

MU sends his/her identifier and nonce to HA for registration.

Step  2. HA generates nonce and computes and .

Step  3. Consider .

HA sends , , , , and to MU through a secure channel.

2.3.2. Second Phase

Figure 4 shows the procedure of the second phase. In this phase, for mutual authentication between MU and HA and between MU and a foreign agent FA, the following steps are performed.

302582.fig.004
Figure 4: Second phase of Mun et al.’s scheme.

Step  1. Consider .

MU accesses the new FA and sends , , and to it.

Step  2. Consider .

FA stores the message received from MU for further communication and generates nonce . FA then sends , , and to HA.

Step  3. Consider .

HA computes and checks whether is identical to the received . If they are identical, HA authenticates MU. Next, HA computes and , and sends the computed and to FA.

Step  4. Consider .

FA computes and checks whether is identical to the received . FA then computes , selects a random number , and then computes on using the elliptic curve Diffie-Hellman (ECDH) protocol. Next, FA sends , , and to MU.

Step  5. Consider .

MU computes and , and checks whether is identical to the received . If they are identical, MU authenticates HA and FA. After checking , MU selects a random number and computes , a session key using the received and the computed , and . Next, MU sends the computed and to FA.

Step  6. FA computes using private and public values, and . FA then checks whether is identical to the received . If they are identical, FA authenticates MU.

2.3.3. Third Phase

The procedure followed in the third phase is depicted in Figure 5. The steps are as follows.

302582.fig.005
Figure 5: Third phase of Mun et al.’s scheme.

Step  1. Consider .

MU selects a new random number and computes . MU then sends and to FA.

Step  2. Consider .

FA selects a new random number and computes . It then computes a new session key and . Next, it sends and to MU.

Step  3. MU computes a session key , using the received , the computed , and . MU then checks whether is identical to the received . If they are identical, MU and FA use the new session key .

3. Vulnerabilities in the Previous Schemes

3.1. Vulnerability of Lee et al.’s and Wu et al.’s Scheme

Lee et al.’s and Wu et al.’s scheme are almost the same. Therefore, their schemes are also the same vulnerabilities. Their scheme is vulnerable replay attack, is disclosed password, and cannot achieve anonymity and perfect forward secrecy.

3.1.1. Anonymity

An adversary can eavesdrop on and record the message transmitted from MU to FA, and can obtain MU’s as follows.

Step  1. register as legitimate user to HA and obtain own and . And, compute using , , , and .

Step  2. eavesdrops on and records messages transmitted from FA to MU.

Step  3. compute using , , and .

Therefore, Lee et al.’s and Wu et al.’s scheme cannot achieve anonymity [7].

3.1.2. Replay Attack

Legitimate can record the message transmitted from MU, and can then impersonate MU by using the recorded message to another as follows.

Step  1. accesses another and sends recorded message to this . can replay this message within the lifetime of . After receiving this message, sends the message to HA.

Step  2. HA compute and checks whether the computed is identical to the received . If they are identical, HA authenticate , then sends the message to .

Step  3. computes session key and sends the message to . computes the session key between and MU, which is the same as the session key between and . And, decrypts and authenticates .

Therefore, Lee et al.’s and Wu et al.’s scheme is vulnerable to replay attack [11].

3.1.3. Disclosure Password

If an adversary can steel MU’s smart card, can obtain MU’s password as follows.

Step  1. can record the message transmitted from MU to FA. And, as described in Section 3.1.1, can obtain the message .

Step  2. stole MU’s smart card, inserts MU’ smart card into the device, and enters the fake password . The smart card computes and obtains by eavesdropping.

Step  3. computes using , , , and .

Therefore, Lee et al.’s and Wu et al.’s scheme are disclosed password [11].

3.1.4. Perfect Forward Secrecy

Assume that an adversary obtain MU’s password . Failing to provide perfect forward secrecy is as follows.

Step  1. computes using and and decrypts using . Thus, obtains , , and .

Step  2. computes session key using , , and and decrypts using . Thus, obtains .

Step  3. computes session key using , , and .

Therefore, Lee et al.’s and Wu et al.’s scheme cannot achieve perfect forward secrecy [11].

3.2. Vulnerability of Mun et al.’s Scheme

Mun et al. claimed that their scheme can thwart a variety of known attacks. Unfortunately, we found that their scheme is vulnerable to replay attack and man-in-the-middle attack. In addition, their scheme incurs a high overhead in the database of the home agent.

3.2.1. Replay Attack

In Mun et al.’s scheme, an adversary can eavesdrop on and record the message transmitted from MU to FA; and can then impersonate MU by using the recorded message as follows.

Step  1. accesses a new FA and sends the recorded message to this FA. After receiving this message, the FA sends the message to HA.

Step  2. HA computes and checks whether is identical to the received . If they are identical, HA authenticates , then computes and , and sends the message to FA. On receiving this message, FA computes and checks whether is identical to the received . Next, FA sends the message to .

Step  3. computes and checks whether is identical to the received . If they are identical, authenticates HA and FA, then computes and SMF, and sends the message to FA. On receiving this message, FA computes and checks whether is identical to the received . If they are identical, FA authenticates .

Therefore, Mun et al.’s scheme is vulnerable to replay attack [18].

3.2.2. Man-in-the-Middle Attack

In Mun et al.’s scheme, an adversary can eavesdrop on messages transmitted between and MU. Consequently, can also successfully mount a man-in-the-middle attack as follows.

Step  1. blocks and copies the message transmitted from FA to MU. It then selects a new random number , computes , replaces message with , and sends this to MU.

Step  2. MU computes and , and checks whether is identical to the received . After checking , MU selects a random number and computes , a session key using the received , the computed , and . Next, MU sends the message to FA.

Step  3. blocks and copies the message transmitted from MU to FA. It then selects a new random number and computes , a session key using the copied and the computed , and . Next, replaces message with and sends this to FA.

Step  4. FA computes using private and public values and . It then checks whether is identical to the value received for . If they are identical, FA authenticates MU. However, the session key between FA and MU is different.

Therefore, Mun et al.’s scheme is vulnerable to man-in-the-middle attack [18].

3.2.3. High Overhead

For authentication, MU sends message to FA. After receiving this message, sends message to HA. In order to authenticate MU, HA computes . To compute for MU, HA must find and in its own database to compute the authentication message. However, HA incurs a high overhead because of the difficulty of finding and in the authentication message. In addition, HA incurs computational cost because of the one-way hash function and exclusive OR operation used to compute the authentication message. In other words, HA computes the authentication message using and in its own database, and incurs a high overhead because it has to compare it with the received authentication message.

4. Our Proposed Scheme

In this section, we propose a secure and efficient anonymous authentication scheme for roaming services in GLOMONETs. This scheme consists of three phases: a registration phase, an authentication and key establishment phase, and an update session key phase.

4.1. Notation

Table 1 shows the notation used to describe our proposed scheme.

tab1
Table 1: Notation used in our proposed scheme.
4.2. Registration Phase

Figure 6 illustrates the procedure of the registration phase. When a new MU wants to register with HA, he/she performs the following steps.

302582.fig.006
Figure 6: Registration phase of our proposed scheme.

Step  R1. Consider .

MU selects the identity and a random nonce , and sends and to HA for registration.

Step  R2. Consider .

After receiving the registration message from MU, HA selects a random nonce and computes the following:

HA then issues a smart card containing and delivers it to MU through a secure channel.

4.3. Authentication and Key Establishment Phase

The procedure followed in the authentication and key establishment phase is illustrated in Figure 7. In this phase, to attain mutual authentication between MU and HA, and between MU and FA, the following actions are performed.

302582.fig.007
Figure 7: Authentication and key establishment phase of our proposed scheme.

Step  A1. Consider .

For authentication, MU selects a random nonce and a random number , and computes value on using ECDH. MU then computes the following:

Next, MU sends , , , , , and to FA.

Step  A2. Consider .

FA stores the and received from MU for further communication, selects a random number , and computes the value on using ECDH. FA then sends , , , , , , and to HA.

Step  A3. Consider .

On receiving the authentication message from FA, HA computes the following:

HA then checks whether is identical to . If they are identical, HA authenticates MU. HA then computes and sends , , , , and to FA.

Step  A4.  .

FA checks , , and , and sends , , , , and to MU.

Step  A5. .

MU checks and , and computes . MU checks whether is identical to . If they are identical, MU authenticates HA and FA. MU then computes using private and public keys and . Next, MU sends to FA.

Step  A6. FA computes using private and public keys and . FA then checks whether is identical to . If they are identical, FA authenticates MU. Otherwise, the procedure is terminated.

4.4. Update Session Key Phase

The update session key phase is the same as the third phase of Mun et al.’s scheme, as shown in Figure 5.

5. Analyses

5.1. Security Analysis

Table 2 compares the security of existing schemes with that of our proposed scheme. Our scheme has the following security properties.

tab2
Table 2: Security analysis of the compared schemes.

Anonymity. Assume that an adversary intercepts the message over a public network. An adversary cannot derive the identifier of the mobile user from , , , and . This is because an adversary does not know , , and .

Perfect Forward Secrecy. The authentication and key establishment and update session key phases of our scheme use ECDH to provide perfect forward secrecy. To establish a session key, MU and FA use different and for each session, and thus they are not related to previous values and . Thus, if the previous session key , is disclosed, an adversary cannot guess . In other words, guessing is a computationally difficult problem.

Mutual Authentication. HA can authenticate MU by checking in Step A3 of the authentication and key establishment phase, and MU can authenticate HA and FA by checking in Step A5 of the authentication and key establishment phase. And, FA can authenticate MU by checking in Step A6 of the authentication and key establishment phase.

Impersonation Attack. An adversary A cannot compute the authentication message because he/she cannot know , , , , and . Even if is a legitimate user of HA, he/she cannot compute the authentication message .

Disclosure of Password. We assume that an adversary eavesdrops on MU’s authentication message in the authentication and key establishment phase. However, cannot know MU’s from the authentication message by the nature of a one-way hash function.

Replay Attacks. MU uses a random nonce and checks to resist replay attacks in each authentication session. If an adversary is replaying the previous authentication message, but he/she cannot authenticate from HA because fail to check.

Man-in-the-Middle Attacks. Man-in-the-middle attacks are thwarted because of the authentication between MU and HA. Similarly, man-in-the-middle attacks can be thwarted by the establishment of a session key between MU and FA.

5.2. Performance Analysis

Table 3 compares the performance of existing schemes with that of our proposed scheme. Our scheme incurs less communication cost than conventional schemes [46]. Although our scheme incurs a little more communication cost than Mun et al.’s scheme, it incurs less computational overhead in the database than Mun et al.’s scheme [12].

tab3
Table 3: Performance analysis of the compared schemes.

No Need for Time Synchronization. Conventional schemes use timestamps to resist replay attacks. Thus, time synchronization takes place when each entity is located in a different time zone. However, our scheme does not use timestamps, so there is no need to synchronize time between different entities.

Use of ECDH. Conventional schemes use certificates. However, mobile devices have power limitations; low-level computation based on certificates incurs a significant overhead. Our scheme uses ECDH instead of a public key cryptosystem with certificates in order to reduce the communication overhead. ECDH provides the same security properties and uses fewer resources than a public key cryptosystem with certificates. The performance advantage of ECDH is improved further as security needs increase.

Overhead Analysis. Our proposed authentication scheme can be compared with Mun et al.’s scheme in terms of the database overhead incurred by HA as the number of devices increase. In order to compare the overhead, the following terms are defined: the number of devices is , the identifier stored in the database of the home agent is , the computational cost for a one-way hash function and exclusive OR operation is (it is assumed that the computational cost for a one-way hash function and exclusive OR operation is 2, thus, ), and, finally, the overhead in the database of the home agent is . Thus, the overhead can be expressed as , that is, . Mun et al.’s scheme must obtain identifier and password information from its own database in order to compute the authentication message. However, their scheme compares the authentication message to compute the identifier and password of all the mobile users stored in its own database because of the difficulty of finding identifier and password information in the authentication message. For example, in Mun et al.’s scheme, if the number of devices to be authenticated by HA is 30, the number of identifiers stored in the database of the home agent is also 30, the computational cost for a one-way hash function and exclusive OR operation is 2 (according to Mun et al.’s scheme, because of the computational cost incurred); therefore, the overhead incurred in the database of HA is . Our proposed scheme can compute the authentication message in its own database because the identifier information can be found in the authentication message. For example, in our proposed scheme, if the number of devices to be authenticated by the home agent is 30, the number of identifiers stored in the database of the home agent is also 30, the computational cost for a one-way hash function and exclusive OR operation is 1 (our proposed scheme does not incur computational cost; thus, ), and thus, the overhead incurred in the database of HA is . Just like our proposed scheme, Lee et al.’s and Wu et al.’s scheme are the same overhead analysis. Compared to the existing scheme, our proposed scheme incurs less computational overhead in the database (Figure 8).

302582.fig.008
Figure 8: Analysis of overhead incurred versus number of devices.

6. Conclusion

In this paper, we examined the previous schemes and security vulnerabilities of the previous schemes. Lee et al.’s and Wu et al.’s scheme was vulnerable to replay attack, cannot achieved perfect forward secrecy, cannot provided anonymity. And Mun et al.’s scheme was vulnerable to replay attack and man-in-the-middle attack, and incurred a high overhead in the database. Therefore, we proposed a secure and efficient anonymous authentication scheme for roaming service in GLOMONET. Our scheme was developed using ECDH instead of the authentication mechanism used by Mun et al.’s scheme. Consequently, unlike Mun et al.’s scheme, our scheme achieves anonymity, provides perfect forward secrecy and mutual authentication, and is resistant to replay attack and man-in-the-middle attack. And our scheme incurs less overhead in the database than Mun et al.’s scheme does. In addition, our scheme does not use timestamps, and as a result, it does not need to synchronize time between different entities.

Acknowledgments

This research was funded by the MSIP (Ministry of Science, ICT & Future Planning), Korea in the ICT R&D Program 2013. This work was supported by the Soonchunhyang University Research Fund. The authors declare that there is no conflict of interests regarding the publication of this article.

References

  1. S. Suzuki and K. Nakada, “An authentication technique based on distributed security management for the global mobility network,” IEEE Journal on Selected Areas in Communications, vol. 15, no. 8, pp. 1608–1617, 1997. View at Publisher · View at Google Scholar · View at Scopus
  2. D. He and S. Chan, “A secure and lightweight user authentication scheme with anonymity for the global mobility network,” in Proceedings of the 13th International Conference on Network-Based Information Systems (NBiS '10), pp. 305–312, Takayama, Japan, September 2010. View at Publisher · View at Google Scholar · View at Scopus
  3. L. Buttyán, C. Gbaguidi, and S. Staamann, “Extensions to an authentication technique proposed for the global mobility network,” IEEE Transactions on Communications, vol. 48, no. 3, pp. 373–376, 2000. View at Publisher · View at Google Scholar · View at Scopus
  4. J. Zhu and J. Ma, “A new authentication scheme with anonymity for wireless environments,” IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 231–235, 2004. View at Publisher · View at Google Scholar · View at Scopus
  5. C. Lee, M. Hwang, and I. Liao, “Security enhancement on a new authentication scheme with anonymity for wireless environments,” IEEE Transactions on Industrial Electronics, vol. 53, no. 5, pp. 1683–1687, 2006. View at Publisher · View at Google Scholar · View at Scopus
  6. C. Wu, W. Lee, and W. Tsaur, “A secure authentication scheme with anonymity for wireless communications,” IEEE Communications Letters, vol. 12, no. 10, pp. 722–723, 2008. View at Publisher · View at Google Scholar · View at Scopus
  7. P. Zeng, Z. Cao, K. R. Choo, and S. Wang, “On the anonymity of some authentication schemes for wireless communications,” IEEE Communications Letters, vol. 13, no. 3, pp. 170–171, 2009. View at Publisher · View at Google Scholar · View at Scopus
  8. J. Lee, J. H. Chang, and D. H. Lee, “Security flaw of authentication scheme with anonymity for wireless communications,” IEEE Communications Letters, vol. 13, no. 5, pp. 292–293, 2009. View at Publisher · View at Google Scholar · View at Scopus
  9. C. Chang, C. Lee, and Y. Chiu, “Enhanced authentication scheme with anonymity for roaming service in global mobility networks,” Computer Communications, vol. 32, no. 4, pp. 611–618, 2009. View at Publisher · View at Google Scholar · View at Scopus
  10. T. Youn, Y. Park, and J. Lim, “Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks,” IEEE Communications Letters, vol. 13, no. 7, pp. 471–473, 2009. View at Publisher · View at Google Scholar · View at Scopus
  11. D. He, M. Ma, Y. Zhang, C. Chen, and J. Bu, “A strong user authentication scheme with smart cards for wireless communications,” Computer Communications, vol. 34, no. 3, pp. 367–374, 2011. View at Publisher · View at Google Scholar · View at Scopus
  12. H. Mun, K. Han, Y. S. Lee, C. Y. Yeun, and H. H. Choi, “Enhanced secure anonymous authentication scheme for roaming service in global mobility networks,” Mathematical and Computer Modelling, vol. 55, no. 1-2, pp. 214–222, 2012. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  13. Q. Pu, “An enhanced authentication scheme with anonymity for roaming service in global mobility networks,” in Proceedings of the 2nd International Conference on MultiMedia and Information Technology (MMIT '10), pp. 219–222, Kaifeng, China, April 2010. View at Publisher · View at Google Scholar · View at Scopus
  14. T. Zhou and J. Xu, “Provable secure authentication protocol with anonymity for roaming service in global mobility networks,” Computer Networks, vol. 55, no. 1, pp. 205–213, 2011. View at Publisher · View at Google Scholar · View at Scopus
  15. T. Lee and T. Hwang, “Provably secure and efficient authentication techniques for the global mobility network,” Journal of Systems and Software, vol. 84, no. 10, pp. 1717–1725, 2011. View at Publisher · View at Google Scholar · View at Scopus
  16. C. C. Lee, Y. M. Lai, and C. T. Li, “An improved secure dynamic ID based remote user authentication scheme for multi-server environment,” International Journal of Security and Its Applications, vol. 6, pp. 203–210, 2012.
  17. Y. An and Y. Joo, “Security analysis and improvements of a password-based mutual authentication scheme with session key agreement,” International Journal of Security and Its Applications, vol. 7, pp. 85–94, 2013.
  18. J. S. Kim and J. Kwak, “Improved secure anonymous authentication scheme for roaming service in global mobility networks,” International Journal of Security and Its Applications, vol. 6, pp. 45–54, 2012.