Secure and Authentic Anonymous Roaming Service

Due to the infrastructure provided by the GLOobal MObility NETwork, mobile users are able to access many network services anytime and anywhere, even in a roaming environment. Although, a strong authentication scheme with sufficient security requirements is necessary while accessing such services. Recently, Gope et al. discussed a symmetric key based authentication protocol in this regard. However, we find that their protocol exhibits various shortfalls like privileged insider attack, offline password guessing attack, stolen smart card attack, session key compromised attack, unverified login phase, imperfect forward secrecy, improper mutual authentication, excessive database maintenance cost, synchronization problem and no password changing phase. In this article, we put forward a certificate-less anonymous two-factor authentication protocol based on Elliptic Curve Cryptography (ECC). We use BAN logic for formal verification of the protocol. Moreover, the robustness of the protocol under several security attacks is ensured using AVISPA tool-based automated security validation. The proposed protocol can provide increased security and design properties than many other recently existing schemes.

Automated summary

This paper proposes a certificate-less anonymous two-factor authentication protocol based on Elliptic Curve Cryptography (ECC). The protocol’s robustness under various security attacks is ensured through formal verification using BAN logic and automated security validation with AVISPA tool.