File(s) under permanent embargo

Efficient authentication protocol with anonymity and key protection for mobile Internet users

journal contribution
posted on 2020-03-01, 00:00 authored by Y Jiang, Y Zhu, J Wang, Yong XiangYong Xiang
To preserve user privacy and guarantee data confidentiality on the mobile Internet, it is crucial to secure communication between the mobile devices held by users and a remote server. In real applications, a serious threat against communication security is exposure of secret keys, due to the compromise of the mobile devices storing the key. One method of preserving key exposure is to use protected hardware or smart-cards, but they are costly and impractical. Another method is to utilize secret sharing to share secret key across multiple devices. Nevertheless, secret sharing schemes guarantee security only if the adversary cannot access at least one share in its entirety. In this paper, we present a remote authentication protocol, which resists key exposure. Further, we present a zero-knowledge protocol based on SDH assumption that can achieve anonymity. We formally prove our proposed solution is secure under the decision linear assumption and the qs-mSDH assumption in the random oracle model. Finally, we show our solution can achieve higher efficiency and stronger anonymity comparing with existing schemes, and thus the proposed solution is more suitable for real-world environments.

History

Journal

Journal of parallel and distributed computing

Volume

137

Pagination

179 - 191

Publisher

Elsevier

Location

Amsterdam, The Netherlands

ISSN

0743-7315

Language

eng

Publication classification

C1 Refereed article in a scholarly journal