Publication Type
Journal Article
Version
publishedVersion
Publication Date
9-2007
Abstract
User privacy is a notable security issue in wireless communications. It concerns about user identities from being exposed and user movements and whereabouts from being tracked. The concern of user privacy is particularly signified in systems which support roaming when users are able to hop across networks administered by different operators. In this paper, we propose a novel construction approach of anonymous and authenticated key exchange protocols for a roaming user and a visiting server to establish a random session key in such a way that the visiting server authenticates the user's home server without knowing exactly who the user is. A network eavesdropper cannot find out the user's identity either (user anonymity). In addition, visited servers cannot track the roaming user's movements and whereabouts even they collude with each other (user untraceability). Our construction approach is generic and built upon provably secure two-party key establishment protocols. Merits of our generic protocol construction include eliminating alias synchronization between the user and the home server, supporting joint key control, and not relying on any special security assumptions on the communication channel between the visiting server and the user's home server. Our protocol can also be implemented efficiently. By piggybacking some message flows, the number of message flows between the roaming user and the visiting server is only three. As of independent interest, we describe a new practical attack called deposit-case attack and show that some previously proposed protocols are vulnerable to this attack.
Keywords
Anonymity, untraceability, privacy, authenticated key exchange, roaming
Discipline
Information Security | OS and Networks
Research Areas
Information Systems and Management
Publication
IEEE Transactions on Wireless Communications
Volume
6
Issue
9
First Page
3461
Last Page
3472
ISSN
1536-1276
Identifier
10.1109/TWC.2007.06020042
Publisher
Institute of Electrical and Electronics Engineers
Citation
YANG, Guomin; WONG, Duncan S.; and DENG, Xiaotie.
Anonymous and authenticated key exchange for roaming networks. (2007). IEEE Transactions on Wireless Communications. 6, (9), 3461-3472.
Available at: https://ink.library.smu.edu.sg/sis_research/7402
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
http://doi.org/10.1109/TWC.2007.06020042