Abstract

The increasing demand for real-time data transmission in wireless mobile communication networks has promoted the maturity of mobile communication technology. Fifth-generation (5G) mobile communication technology is combined with cloud computing, high-frequency signal transmission, and other technologies and perfectly fits with the client-server architecture. 5G has been applied in many fields, such as the interconnection of smart devices, virtual reality, and cloud-based life. To provide the security and availability of the required services, we proposed a key management scheme based on the multiserver architecture of the client-server mode in 5G networks, which uses bilinear pairings and elliptic curve cryptography. Through informal security analysis and formal analysis (under the random oracle model and ProVerif tool), we demonstrated that the proposed scheme can complete mutual authentication and resist common network attacks. Furthermore, after the performance analysis of our scheme and other related schemes, it was found that this scheme has relatively low communication and computation costs and better security performance.

1. Introduction

The growth of mobile data has promoted the development of fifth-generation (5G) and sixth-generation (6G) mobile networks [1–4]. The data flow in mobile communication networks is soaring, and early mobile networks cannot meet the needs of users. The 5G network integrates 4G, WiFi, and other networks, providing richer communication modes and a better user experience. Specifically, in the 2G network era, users could only read words; in the 3G network era, users could view pictures; in the 4G network era, users could watch videos; in the 5G network era, users can engage in virtual reality interaction, cloud storage, and smart device interconnection. A content delivery network (CDN), as one of the key technologies of 5G networks, adds an intelligent virtual network on top of the traditional network, which can build multiple proxy servers between the users and the source server. This requires the use of the benefits of the multiserver architecture and cloud computing technology to distribute information to users. As an extension of 5G, 6G can connect terrestrial wireless and satellite communications to achieve global coverage and the interconnection of everything. In other words, 5G/6G networks have a high transmission rate, low power consumption, low time delay, and other properties, allowing them to accommodate a large number of Internet of Things (IoT) devices and mobile users.

The increase in the electromagnetic wave frequency in 5G/6G networks results in high transmission rates, but it also reduces the coverage distance and requires the deployment of more base stations. Furthermore, the deployment of base stations is related to the scope of network management, and network security management is the fundamental guarantee of a good network for users. In addition, as an emerging mobile communication technology, 5G/6G networks will involve many fields, such as mobile phones, smart homes, automatic driving, and telemedicine. In applications involving IoT [5–9], security has always been the weak link of the network. The management of stored and transmitted information is important: once the information is disclosed, tampered with, or forged, it will lead to serious consequences. In addition, the client-server-based multiserver architecture overcomes the resource shortage and long response time of a single server and can provide powerful network data processing capability. Therefore, to solve the security difficulties in network communication and improve user experience, secure authentication schemes for key management and storage based on the multiserver architecture in mobile networks have been proposed. The client-server communication construction in 5G is shown in Figure 1.

In Figure 1, every client and server must register with the registration center to obtain a legal identity to communicate in the network. Note that the clients include users and IoT devices. Owing to the powerful storage function of cloud computing technology, each proxy server will have the corresponding backup of the transmitted information. Therefore, in the authentication phase, a legitimate client directly authenticates and confirms the session key with a proxy server without the participation of the third-party source server.

In recent years, 5G has gradually developed into the core of mobile communication systems, and its distributed service mechanism is consistent with the multiserver architecture of the client-server mode. Therefore, some researchers have started working on mutual authentication protocols based on multiserver 5G networks. In 2019, Ying and Nayak [10] introduced an anonymous multiserver authentication scheme (MSAS) using self-certified public key cryptography in 5G and declared that their scheme was secure. Unfortunately, Haq et al. [11] found that [10] did not provide untraceability and two-factor security and could not resist offline identity, password guessing attacks, or user impersonation attacks. They then proposed an enhanced MSAS in 5G networks.

In this study, we introduce a key management scheme based on the multiserver architecture of the client-server mode in 5G networks. The scheme uses passwords, smart cards, and biometric authentication to provide users with more comprehensive security. Each IoT device has a unique media access control (MAC) address, which we enter as the biometric information of the user. The contributions of this study are as follows:
(i) Our scheme guarantees anonymity and perfect forward security and resists impersonation attacks and smart card stolen attacks in a multiserver architecture.
(ii) In our scheme, users and servers complete mutual authentication without passing through the registration center, which avoids the communication load caused by excessive user traffic.
(iii) In the random oracle model, we prove security under a hypothesis based on the elliptic curve discrete logarithm problem, which shows that the proposed scheme has a secure mutual authentication process. The informal security analysis and the ProVerif proof show that the proposed scheme resists common network attacks and has a secure and complete session key generation process.
(iv) Our protocol has better performance: among a series of related schemes, it has relatively low communication and computation costs, which makes it more suitable for servers in 5G communication to provide services to users.

Some abbreviations used in this paper are shown in Table 1. The remainder of this paper is organized as follows. Section 2 introduces the related work. A detailed description of the proposed scheme is provided in Section 3. Section 4 provides a formal and informal security analysis of the proposed scheme. Performance analysis of the schemes is presented in Section 5, and the study is concluded in Section 6.

2. Related Work

The earliest MSAS [12] was aimed at neural networks. Because training neural networks is time consuming, numerous enhanced MSASs have been proposed. In the process of remote authentication, it is not realistic to use only passwords. Using a smart card is a particularly effective resolution for user authentication and key management [13–15]. Lin et al. [16] introduced a remote MSAS without a verification table in 2003. Cao and Zhong [17] pointed out that [16] is insecure and exposed to serious user impersonation attacks. In addition, in 2004, Juang [18] pointed out that each user in [16] needs a large memory to store relevant parameters, which is not suitable for applications using the smart card. Moreover, [12, 16] do not generate a session key; therefore, there is a certain security risk in the communication process. Therefore, Juang designed an MSAS using a smart card and password. In the same year, Chang and Lee [19] thought that Juang’s scheme [18] performed significant computation in smart cards; therefore, they proposed an efficient MSAS based on the smart card. In a multiserver environment, multiple servers are required to provide services to users, and providing strong anonymity is more secure for users. In 2009, Liao and Wang [20] introduced a scheme using dynamic identity and smart card authentication and concluded that their scheme met all requirements in an MS environment. However, Hsiang and Shih [21] discovered that [20] cannot resist insider attacks and spoofing attacks. To address the above security loopholes, they submitted an enhanced MSAS using smart cards and dynamic identity.

Because passwords and smart cards may be forgotten or lost, human biometrics such as fingerprint, face, and iris are added to the design of key management and authentication protocols [22]. In 2010, Li and Hwang [23] introduced a remote MSAS based on biometrics and smart cards and declared that their scheme can resist masquerade attacks, replay attacks, and smart card stolen attacks and provide mutual authentication and nonrepudiation. In 2011, Li et al. [24] found that [23] had some security flaws; that is, it did not provide correct authentication and could not resist man-in-the-middle attacks and impersonation attacks. Further, they submitted an advanced remote MSAS using smart cards and biometrics. To ensure perfect forward security and reduce the computation consumption of smart cards, Yoon and Yoo [25] proposed a distributed MSAS without a verification table based on biometrics and smart cards in 2013. Liao and Hsiao [26] introduced a remote MSAS based on pairing. However, Kim et al. [27] found that [25] could not resist offline password guessing attacks; therefore, an enhanced solution was proposed to overcome this vulnerability. Hsieh and Leu [28] pointed out that [26] would be subject to tracking attacks and had no preverification phase. Therefore, they improved the MSAS for mobile users using a self-certified public key. In 2014, Chuang and Chen [29] proposed a lightweight MSAS that guarantees anonymity and claimed that it can resist a variety of attacks. Mishra et al. [30] showed that [29] could not resist impersonation attacks, smart card stolen attacks, and denial of service attacks. They then submitted an enhanced MSAS based on [29]. However, Lu et al. [31] proved in 2015 that [30] is vulnerable to server impersonation attacks and lacks perfect forward security. Therefore, they proposed an MSAS based on three factors. In 2016, He et al. [32] introduced an anonymous MSAS using self-certified public key encryption. Li et al. [33] pointed out in 2019 that [32] would be subject to offline password guessing attacks and impersonation attacks. Furthermore, they designed a secure MSAS for key management in a cloud computing environment. It is worth noting that Chuang and Tseng [34] proposed a compatible cross-species authentication and key exchange protocol and realized independent authentication and member revocation. To solve the performance problem of low-power clients, Tseng et al. [35] proposed a lightweight identity-based mutual authentication and key exchange protocol for resource-constrained devices. Some important related works are summarized in Table 2.

3. Background and Scheme

3.1. Preliminaries
3.1.1. Hash Function

In this section, we introduce the basics of hash functions. A hash function takes a variable-length data block as input, generates a fixed-length hash value, and satisfies the following conditions:
(1) One-Way. Given , it is difficult to compute such that .
(2) Weak Collision Resistance. Given , it is difficult to find so that .
(3) Strong Collision Resistance. It is difficult to find so that .

3.1.2. Bilinear Pairing

Suppose is a finite field on an elliptic curve and is a large prime number. is an additive cyclic subgroup with as a generator on , and is a multiplicative group with as order. For points , the bilinear pairing [33–35] is a mapping, , which has the following properties:
(1) Bilinear. , where .
(2) Nondegenerate. .
(3) Computability. There is an efficient algorithm to compute .

3.2. Proposed Scheme

We describe a client-server key management scheme in which the client can be a user or an IoT device. The scheme is divided into four phases: initialization, registration phase, time key update phase, and key management phase. The symbols and descriptions of the scheme are listed in Table 3.

3.2.1. Initialization

The RC sets up an elliptic curve and chooses the parameters. RC selects two elliptic curve groups and with the same order . Subsequently, RC defines a bilinear pairing and computes , where is a generator of . RC chooses a random number as its private key, and is the corresponding public key. Finally, RC generates two hash functions, and , and publicizes .

3.2.2. Registration Phase

To join the system, both and must register with the RC to verify their legality. This phase includes the and registration.

(1) Server Registration Phase. The registration steps of are shown as follows:
(1) Server chooses its identity and a random number and computes the public key . Thereafter, sends to RC via a secure channel.
(2) After receipt, RC computes and and then sends back to .
(3) computes as its private key and then checks if . If not equal, rejects the messages. If equal, accepts and stores .
(4) RC stores all servers’ status and identities in a table.

(2) User Registration Phase. The registration steps of are shown as follows:
(1) selects identity , password , and biometric . Note that the MAC address of an IoT device is the . Thereafter, generates a random number and computes , , , , , , , and and sends to RC.
(2) Upon receiving, RC computes , , , , , and . Further, RC creates table , which includes all servers’ , , , and table , which includes all users’ , , and . Subsequently, RC injects into the smart card and sends it to .
(3) After receiving, computes . Finally, stores into and deletes the other parameters.

In other words, if a new client (including users and IoT devices) wants to join the client-server communication construction in 5G, they need to register with the RC according to the above steps in the user registration phase. After registration, the client can obtain the legal identity and corresponding information and communicate with the server.

3.2.3. Time Key Update Phase

In this phase, the RC checks the of users in and dynamically distributes time keys to legitimate users. Communication in this phase occurs over public channels. The details are as follows:
(1) RC queries the of the user’s in . When is “OK,” RC selects a random number and adds into . Thereafter, RC chooses a time-valid period and computes , , and . Further, RC sends to via a public channel.
(2) After receiving, inserts their , inputs and , and computes , , and . Subsequently, checks if . If the equation holds, accepts the time key and stores into .

3.2.4. Key Management Phase

inserts to log into the system. Subsequently, can authenticate and establish a session key using . The detailed steps are as follows:
(1) inputs , , and and inserts their . then computes , , , , and and checks if . The authorized user logs into the system. Thereafter, the card reader queries and displays all the server identities . selects a server’s and chooses a random number . Further, computes , , , and and sends to .
(2) Upon receiving, server computes , , and and checks if . When the equation holds, generates a random number and computes , , and and sends to .
(3) Upon receiving, computes . Subsequently, checks if holds. When the equation holds, computes and establishes the session key . Further, computes and sends it to .
(4) After receipt, computes and the session key . Finally, verifies whether and accepts the session key when the equation holds.

The key management phase is shown in Figure 2.

4. Security Analysis

4.1. Formal Security Analysis Based on Real-Oracle-Random

We conducted a formal security analysis of the scheme under the Real-Oracle-Random (ROR) model [30, 32, 33, 36, 37]. The ROR model is used to simulate ideal hash functions. We assume that ideal hash functions are random and uniformly distributed. Suppose , , and represent the -th communication of user , the -th communication of server , and the -th communication of registry RC, respectively. The , , and act to simulate the real communications of , , and RC. Note that .

4.1.1. Queries

Subsequently, adversary verifies the security of the protocol with the following queries:
(1) . Starting the query, obtains the message records transmitted in the public channel. The execution of this query is a passive attack.
(2) . Starting the query, can enter a and then obtain the corresponding hash value.
(3) . Starting the query, sends to and receives a response from .
(4) . Starting the query, obtains one of the private values from .
(5) . Starting the query, flips coin and attempts to determine the correctness of the session key. There are only two results for flipping, or . The former means that receives the session key, and the latter means that receives a random string.

4.1.2. Definitions

The proposed scheme involves the discrete logarithm problem on an elliptic curve (ECDLP) over a finite field , which is defined by the following. On the elliptic curve , given the points and of order , and , where and belong to and to , in the polynomial time , the probability that obtains that satisfies is . Furthermore, for a sufficiently small , we have the following results: .

4.1.3. Theorem

If queries in polynomial time , the advantage of breaking scheme is , where is the number of times to achieve the query, is the number of times to achieve the query, is the length of the password, and and are constants.

Proof. We define the game sequence to prove the theorem. is the event that succeeds in the game .

(1) . means starting the game without queries. At this time, the advantage of breaking is

(2) . starts executing the query. Because the query can only receive messages , , , and transmitted through the public channel,

(3) . begins to achieve the query. Based on Zipf’s law [38], we obtain

(4) . begins to achieve the query. Based on the birthday paradox, we obtain

(5) . starts to judge the security of the session key, mainly based on the following two attacks:
(i) Perfect Forward Security. uses to obtain of RC and verifies whether protocol can provide perfect forward security.
(ii) Known Session-Specific Temporary Information Attacks. uses or or to obtain temporary information and verifies whether protocol can resist the attack.

In the above two cases, the ECDLP must be solved to calculate . For , in the first case, suppose can calculate through , but and is unknown, which needs to solve ECDLP twice; in the second case, suppose obtains the random number of and further calculates , but and are still unknown. The above analysis is also true for . Therefore,

(6) . uses to obtain the information stored in . Subsequently, uses the information to launch offline password guessing attacks or stolen smart card attacks. calculates , where , , and . However, , , , , and are confidential. The probability that can successfully guess the biological information of -bit is [39], which is an extremely small value. Based on Zipf’s law [38], we have where and are constants.

(7) . starts to execute query or to verify whether protocol can resist the key compromise impersonation attacks. At this time, the advantage of breaking is

Because the probability of success and failure of is equal,

According to formulas (1)–(8), we have

Further, we have .

4.2. Formal Security Analysis Based on ProVerif

ProVerif, which is mainly used for the automatic verification of cryptographic-related security protocols, is a formal analysis tool based on the Dolev-Yao model [40] and computational model proposed by Abadi et al. and Blanchet et al. [41, 42]. The ProVerif tool [43] is based on the equivalence theory of function reduction, definition of terms and processes, structural equivalence between extended processes, and others and is applied to the security analysis of the real environment. Furthermore, the analysis and verification with ProVerif have security properties, such as confidentiality, authentication, and logic. Our proposed protocol was analyzed using ProVerif, as follows.

Some constants and functions were defined as shown in Figure 3. Among them, , , and are common operations; is a bilinear pairing operation; are exponential operations, with the first as the base and the last as the exponent. The anonymity and consistency of the protocol were analyzed using events and queries. As shown in Figure 4, the events , , and , respectively, indicate that the user starts authentication, completes login, and successfully authenticates the server; events and , respectively, indicate that the server successfully authenticates the user and completes the authentication of the session key.

Figures 5(a) and 5(b) show the specific operations of each entity and describe the authentication process between the user and the server. The results of the query using ProVerif are shown in Figure 6. The first and second results confirm that the session key is secure, and our scheme can resist key compromise impersonation attacks. The third and fourth results reveal that the proposed scheme can guarantee anonymity and resist offline password guessing attacks. The indicates that the user logs in after authentication. The indicates that user authentication is performed after the server completes authentication. The indicates that the server verifies the session key after the user completes authentication. In other words, the proposed scheme maintains consistency.

4.3. Informal Analysis
4.3.1. Insider Attacks

In the proposed scheme, are sent to RC when is registered, where , , , and . In this process, does not directly transmit passwords or biometrics. Insiders in RC cannot compute real and . Therefore, the proposed scheme can resist insider attacks.

4.3.2. User Impersonation Attacks

Malicious adversary attempts to impersonate legitimate users in communicating with . (1) intercepts , selects , and computes , , , and , where and . However, and are confidential to . Therefore, when verifies , it will reject . (2) If intercepts and forges , it attempts to pass ’s validation for . However, , where , , and are all confidential to . Therefore, declines to generate a session key with . The above analysis indicates that the proposed scheme can resist user impersonation attacks.

4.3.3. Server Impersonation Attacks

Malicious adversary attempts to impersonate to communicate with legitimate users. intercepts and , selects , and computes and, where , , and are unknown to . Therefore, cannot be forged as the to communicate with . In other words, our scheme can resist server impersonation attacks.

4.3.4. Replay Attacks

In our scheme, whenever starts a new session with , new and will participate in the session. , , , and are updated in each round, where and are used for validation and and constitute the session key. Therefore, the proposed scheme can resist replay attacks.

4.3.5. User Anonymity

In the key management phase, the user passes the virtual identity to the server, and each round of session is protected by a new random number . Accordingly, the server verifies the user’s pseudonym . Therefore, cannot extract the real identity of the user. The proposed scheme achieves user anonymity.

5. Performance Analysis

The proposed scheme is evaluated against those of [32–35] in terms of security, computation cost, communication cost, and storage cost. These five protocols all use bilinear pairing operations. Considering the practical application value, we analyzed the consumption of the login and authentication phase for computation cost and communication cost and the consumption of the registration phase for storage cost.

5.1. Security Comparison

In Table 4, we conducted a security evaluation. Let K1, K2, K3, K4, K5, K6, K7, and K8 represent user anonymity, perfect forward security, session key agreement, offline password guessing attacks, insider attacks, preverification, server impersonation attacks, and user impersonation attacks, respectively. Note that preverification means that the user needs to pass the verification of the smart card before communicating with the server. Session key agreement means that the session key needs to be established by two participants. “” indicates that the protocol can resist the attack. “” symbolizes that the protocol cannot resist the attack. Table 4 shows that the scheme in [32] is subject to server impersonation attacks and user impersonation attacks, which is a significant security hazard for the entire protocol. In addition, [32] cannot provide user anonymity and cannot resist offline password guessing attacks. The schemes in [33–35] and our scheme have strong security.

5.2. Computation Cost Comparison

In Table 5, we counted and compared the number of operations and computation time in the schemes of [32–35] and ours. denotes the time of a bilinear pairing operation, denotes the time of a map-to-point hash operation, represents the time consumption of an exponential operation, represents the time consumption of the fuzzy extraction function, represents the time consumption of scalar multiplication in , represents the time of point addition in , represents the time of multiplication in , and represents the time consumption of a general hash operation. The XOR and concatenation operations were ignored. According to [32], the approximate time consumptions of , , , , , , and are , , , , , , and for the end-user, respectively. Note that we assume . On the server-side, the approximate time consumptions of , , , , , , and were , , , , , , and , respectively. The consumption of the proposed scheme on the user-side was slightly higher than that of [33], but on the server-side, it is lower than that of their scheme. In addition, the total computation cost of the proposed scheme was slightly higher than that of [33]. In practical applications, this gives the user almost the same online experience. Figure 7 more intuitively shows the comparison of computation cost between our scheme and [32–35].

5.3. Communication and Storage Cost Comparison

We chose bits and bits. The output length in and is 1024 bits, and the output length for general hash operation and identity is 160 bits. The specific analysis is as follows.

In He et al.’s scheme [32], the transmitted messages are , , and , where belong to and belong to . The communication cost was 2368 bits. The stored messages are and , where belong to and belong to . The storage cost was 3392 bits.

In Li et al.’s scheme [33], the transmitted messages are , , and , where belong to and belong to . The communication cost is 3872 bits. The stored messages are and , where belong to and belong to . The storage cost was 7360 bits.

In Chuang and Tseng’s scheme [34], the transmitted messages are , , and , where belong to and belong to . The communication cost is 4416 bits. The stored messages are , , and , where belong to and belong to . The storage cost was 7424 bits.

In Tseng et al.’s scheme [35], the transmitted messages are , , and , where belong to and belong to . The communication cost is 3872 bits. The stored messages are , , , and , where belong to . The storage cost was 8192 bits.

In the proposed scheme, the transmitted messages are , , and , where belong to and belong to . The communication cost is 3712 bits. The stored messages are and , where belong to and belong to . The storage cost was 2848 bits.

Table 6 summarizes the communication and storage costs of the five schemes. It can be noticed that the communication cost of the proposed scheme is lower than that of [33–35] but slightly higher than that of [32]. However, [32] is subject to offline identity guessing and impersonation attacks. Furthermore, our scheme has the lowest storage cost. Figure 8 more intuitively shows the comparison of communication and storage costs between our scheme and [32–35].
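As an added illustration of the bit-length accounting in this section (example code, not from the paper), the following block computes totals from the two element sizes the paper fixes and, for each reported total, enumerates every count of 1024-bit group elements and 160-bit hash/identity values that could produce it. The element counts are derived here from the totals and are not taken from the paper's tables; some totals turn out to have more than one candidate decomposition.

```python
"""Bit-length accounting behind the communication and storage costs in Section 5.3.

Added example; this is not code from the paper. It uses only the two element
sizes the paper fixes (1024-bit G1/G2 elements, 160-bit hash outputs and
identities) and the totals the paper reports. The per-scheme element counts are
NOT given on this page: decompose() derives every count pair that could produce
a total, so a reader can see which totals are determined uniquely and which
are not.
"""
from typing import Dict, List, Tuple

GROUP_BITS = 1024   # length of an element of G1 or G2 (Section 5.3)
SHORT_BITS = 160    # length of a hash output or identity (Section 5.3)

# Totals as reported in Section 5.3, in bits.
COMMUNICATION_COST: Dict[str, int] = {
    "He et al. [32]": 2368,
    "Li et al. [33]": 3872,
    "Chuang and Tseng [34]": 4416,
    "Tseng et al. [35]": 3872,
    "proposed": 3712,
}
STORAGE_COST: Dict[str, int] = {
    "He et al. [32]": 3392,
    "Li et al. [33]": 7360,
    "Chuang and Tseng [34]": 7424,
    "Tseng et al. [35]": 8192,
    "proposed": 2848,
}


def cost_bits(n_group: int, n_short: int) -> int:
    """Bits needed to send or store n_group group elements and n_short short values."""
    return n_group * GROUP_BITS + n_short * SHORT_BITS


def decompose(total: int) -> List[Tuple[int, int]]:
    """All (n_group, n_short) pairs with cost_bits(n_group, n_short) == total.

    Solves 1024*a + 160*b = total over non-negative integers by enumerating a.
    Since gcd(1024, 160) = 32, solutions (if any) repeat with a stepping by 5
    and b by 32, so a large total may have several candidate decompositions.
    """
    pairs = []
    for a in range(total // GROUP_BITS + 1):
        rest = total - a * GROUP_BITS
        if rest % SHORT_BITS == 0:
            pairs.append((a, rest // SHORT_BITS))
    return pairs


def cheapest_scheme(costs: Dict[str, int]) -> str:
    """Name of the scheme with the lowest cost in the given table."""
    return min(costs, key=costs.get)


def report(name: str, costs: Dict[str, int]) -> List[str]:
    """One line per scheme with its total and its candidate decompositions."""
    lines = []
    for scheme, total in costs.items():
        cands = ", ".join(f"{a}x{GROUP_BITS}+{b}x{SHORT_BITS}"
                          for a, b in decompose(total))
        lines.append(f"{name:13s} {scheme:22s} {total:5d} bits = {cands}")
    return lines


if __name__ == "__main__":
    for line in report("communication", COMMUNICATION_COST) + report("storage", STORAGE_COST):
        print(line)
    print("lowest communication cost:", cheapest_scheme(COMMUNICATION_COST))
    print("lowest storage cost:", cheapest_scheme(STORAGE_COST))
```

The output reproduces the two rankings the text states: [32] has the lowest communication cost, and the proposed scheme the lowest storage cost.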

6. Conclusion

Many researchers have proposed solutions for authentication in the multiserver architecture of the client-server mode, but most of them have some security vulnerabilities. In addition, the development of 5G technology has gradually matured, which can bring users a superfast online experience. Therefore, we proposed a secure key management protocol to protect user anonymity based on the multiserver architecture of the client-server mode in 5G. Through formal and informal analyses, we proved that our scheme has better security. Furthermore, the performance estimate confirms that the proposed scheme has higher advantages than similar schemes. Therefore, the proposed scheme is more suitable for the client-server mode of the multiserver in 5G.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare no conflict of interest.