A secure authentication and key agreement scheme for roaming service with user anonymity

Summary Nowadays, with the advancement of wireless technologies, global mobility networks offer roaming services for mobile users. Since in global mobility networks the communication channel is public, adversaries can launch different security attacks to breach the security and privacy of data and mobile users. Hence, an authentication and key agreement scheme can be used to provide secure roaming services. It is well known that the conventional authentication schemes are not suitable for global mobility networks, because the authentication server of each network has the credentials of its registered users and thus cannot verify the authenticity of the other mobile users. Hence, for providing secure roaming services, another type of authentication called roaming authentication is required. Hitherto, a large number of authentication protocols have been proposed for global mobility networks. However, most of them have been proved to be insecure against various attacks. This paper proposes a secure and efficient authentication and key agreement scheme for global mobility networks. The proposed scheme is based on the elliptic curve cryptosystem. The correctness of the proposed scheme is verified using Burrows‐Abadi‐Needham logic. In addition, the security of the proposed scheme is proved using ProVerif. Detailed analyses demonstrate that the proposed scheme not only withstands various security attacks but also improves the efficiency by reducing the computational costs. In this paper, we have demonstrated that the scheme of Karuppiah et al is vulnerable to off‐line password‐guessing attacks and does not provide perfect forward secrecy that is an important security requirement for security protocols. Then, we have proposed a novel authentication and key agreement scheme to overcome the security weaknesses of the previous works. We have used Burrows‐Abadi‐Needham logic to prove the correctness and completeness of the proposed scheme. We have used the ProVerif tool to prove the security of the proposed scheme. Security and performance analyses demonstrate that the proposed scheme not only provides an acceptable level of the security but also is more efficient than the previous schemes.