Security Analyses of an Anonymous Two Factor Authentication Protocol for Roaming Service in Global Mobile Networks
Ya-Fen Chang, Huan-Wen Chen, TingMao Chang, W. Tai
2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)
Publication date: 2021-11-24
DOI: 10.1109/SNPD51163.2021.9704963 (https://doi.org/10.1109/SNPD51163.2021.9704963)
Citation count: 0
Abstract
Recently, Gupta and Chaudhari proposed an anonymous two-factor authentication protocol for roaming service in global mobile networks. They claimed that their scheme could not only ensure strong user anonymity, mutual authentication and perfect forward secrecy but also resist desynchronization, password guessing, replay, and insider attacks. After analyzing their scheme, we find that it suffers from some flaws. First, the foreign agent cannot determine who the home agent is or whether the received request is intended for it. Second, the home agent cannot execute an operation required to record the number of authentication failures. Third, the foreign agent cannot determine whether the received message sent by the home agent is intended for it. Fourth, a malicious user can mount a parallel attack to obtain unauthorized service. In this paper, we will show how these flaws threaten Gupta and Chaudhari’s protocol.