Publication Type

Journal Article

Version

publishedVersion

Publication Date

9-2007

Abstract

User privacy is a notable security issue in wireless communications. It concerns about user identities from being exposed and user movements and whereabouts from being tracked. The concern of user privacy is particularly signified in systems which support roaming when users are able to hop across networks administered by different operators. In this paper, we propose a novel construction approach of anonymous and authenticated key exchange protocols for a roaming user and a visiting server to establish a random session key in such a way that the visiting server authenticates the user's home server without knowing exactly who the user is. A network eavesdropper cannot find out the user's identity either (user anonymity). In addition, visited servers cannot track the roaming user's movements and whereabouts even they collude with each other (user untraceability). Our construction approach is generic and built upon provably secure two-party key establishment protocols. Merits of our generic protocol construction include eliminating alias synchronization between the user and the home server, supporting joint key control, and not relying on any special security assumptions on the communication channel between the visiting server and the user's home server. Our protocol can also be implemented efficiently. By piggybacking some message flows, the number of message flows between the roaming user and the visiting server is only three. As of independent interest, we describe a new practical attack called deposit-case attack and show that some previously proposed protocols are vulnerable to this attack.

Keywords

Anonymity, untraceability, privacy, authenticated key exchange, roaming

Discipline

Information Security | OS and Networks

Research Areas

Information Systems and Management

Publication

IEEE Transactions on Wireless Communications

Volume

6

Issue

9

First Page

3461

Last Page

3472

ISSN

1536-1276

Identifier

10.1109/TWC.2007.06020042

Publisher

Institute of Electrical and Electronics Engineers

Additional URL

http://doi.org/10.1109/TWC.2007.06020042

Share

COinS