Efficient and Anonymous Mobile User Authentication Protocol Using Self-certified Public Key Cryptogr
Abstract—Rapid advances in wireless communication technologies have paved the way for a wide range of mobile devices to become increasingly ubiquitous and popular. Mobile devices enable anytime, anywhere access to the Internet. The fast growth of many types of mobile services used by various users has made the raditional single-server architecture inefficient in terms of its functional requirements. To ensure the availability of various mobile services, there is a need to deploy multi-server architectures. To ensure the security of various mobile services applications, the Anonymous Mobile User Authentication (AMUA) protocol without online registration using the Self-Certified Public Key Cryptography (SCPKC) for multi-server architectures was proposed in the past. However, most of past AMUA solutions suffer from malicious attacks or have unacceptable computation and communication costs. To address these drawbacks, we propose a new AMUA protocol that uses the SCPKC for multi-server architectures. In contrast to existing AMUA protocols, our proposed AMUA protocol incurs lower computation and communication costs. By comparing with two of the latest AMUA protocols, the computation and the communication costs of our protocol are at least 74.93% and 37.43% lower than them
respectively. Moreover, the security analysis of our AMUA protocol demonstrates that it satisfies the security requirements in practical applications and is provably secure in the novel security model. By maintaining security at various levels, our AMUA protocol is more practical for various mobile applications.
Existing Solution:
The computation cost associated with these protocols is not acceptable for most practical applications:
It is well known that mobile devices are resource constrained in terms of storage and computation capabilities. However, the mobile device in these protocols has to execute the bilinear paring operation and the map-to point hash operation which are two of the most complex operations in modern public key cryptography.
The security analyses of these protocols are weak:
Most of the authors of previously proposed protocols presented only a preliminary analysis of the protocols but they did not present any evaluation with any provable security model. Hence, these protocols can have various vulnerability issues leading to a number of serious attacks.
Important functions or security attributes are not supported by these protocols:
Several important functions such as key establishment and user anonymity, and security attributes such as two factor security and no verifier table are not considered in the design of these protocols. These limited functionalities prevent their deployment in various real-time applications. It remains a significant challenge to construct an AMUA protocol with better efficiency and security for multi-server architectures to protect the authorized users’ rights for various practical mobile applications.
Proposed Solution:
First, we present a new AMUA protocol for multiserver architectures using the SCPKC. To improve performance at the user end, neither bilinear pairing operation nor map-to-point hash operation is involved in the proposed AMUA protocol. Second, we perform an in-depth security analysis to show the proposed AMUA protocol is provably secure and can satisfy the security requirements of multi-server architectures. Finally, we analyze the performance of the proposed AMUA protocol to show that it incurs lower computation and communication costs than previously proposed AMUA protocols.
Software Requirements
Front End: HTML5, CSS3, JS, BootStrap
BackEnd: PHP, MYSQL
Control End: Angular JS
Tool : Cordova