Secure Authentication Schemes for Roaming Service in Global Mobility Networks
Date
2021
Authors
Suvidha, K S.
Publisher
National Institute of Technology Karnataka, Surathkal
Abstract
Distributing resources and services over open networks has become the latest trend in information
technology. In an open network, hackers can easily obtain the communication data.
Therefore, an open network demands security to protect data and information. Hence, network
security is the most important requirement in an open network. In the security system,
authentication plays a major role. User authentication is a central component of any security
infrastructure. Other security measures depend upon verifying the identity of the sender and
receiver of information. Authorization grants privileges based upon identity. Audit trails would
not provide accountability without authentication. Confidentiality and integrity are broken if
we can't reliably differentiate an authorized entity from an unauthorized entity. Remote user
authentication is a mechanism to identify the remote users over an insecure communication
network. In remote user authentication, password authentication is the simplest method to authenticate
the user. However, the limitations of the password authentication approach have led to
the development of two-factor authentication. Hundreds of remote user authentication
schemes have been proposed by many researchers. None of the schemes achieves all the
security goals, and many schemes fail to provide security against various attacks. Even though
some of the schemes provide security, they are not efficient in terms of computation and
communication cost. Hence, it is necessary to design an efficient and secure authentication
scheme.
This thesis aims to provide efficient and secure remote user authentication schemes in distributed
systems and networks. There are many factors involved in authentication schemes and
these factors use the characteristics of the password, smart card and biometric. This research
concentrates on cryptanalysis and improvements of the smart card based two-factor remote user
authentication schemes. To date, many smart card based remote user authentication schemes
have been proposed, but every scheme has its security flaws. None of the schemes has succeeded
in achieving all the security requirements and goals. Also, many schemes do not provide
a strong formal proof of their security. In this thesis, cryptanalysis of the
recently proposed remote user authentication schemes has been carried out to identify the vulnerabilities.
New schemes have been proposed to overcome the identified security flaws. Security of
the proposed schemes has been formally analyzed using BAN logic. Furthermore, the proposed
schemes have been simulated using the Automated Validation of Internet Security Protocols and
Applications (AVISPA) tool. This simulation confirms that the proposed
scheme is secure against active and passive attacks. Using the NS 2 simulator, performance
metrics such as throughput, end-to-end delivery and packet delivery ratio are calculated for the
proposed scheme.
In the literature study, it is observed that many remote user
authentication schemes depend on clock synchronization to avoid the replay attack. But clock synchronization has
its own disadvantages, and the schemes that are independent of clock synchronization are
vulnerable to the replay attack. To fix these weaknesses, a novel authentication scheme has been
proposed. By employing the Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm,
the proposed scheme resists the replay attack. Through the security analysis, it is proved that
the scheme achieves all the security goals and resists well-known attacks like insider attack,
offline password guessing attack, etc. The security of the proposed scheme has been analyzed using
BAN logic and simulated in the AVISPA tool. Through these results, it is ensured that the proposed
scheme resists all security attacks.
The contribution of this thesis is to improve the security of the existing authentication
schemes. In particular, this research analyzes the schemes of Gope and Hwang, Fan Wu et al. and Lee
et al. The analyzed schemes have many security flaws, such as failing to provide
user anonymity and forward secrecy and being vulnerable to the stolen smart card attack, insider
attack, guessing attack, etc. Based on the analysis, this research proposes improved schemes to
overcome the identified weaknesses. Furthermore, a novel authentication scheme has been proposed
to resist security attacks. Finally, the thesis presents concluding remarks and discusses
the future scope.
Keywords
Department of Mathematical and Computational Sciences, Network Security, Authentication, Smart Card, Two-factor Authentication, Cryptography, Security, GLOMONET, Mobile cloud computing, NS2, BAN logic