Security Analyses of an Anonymous Two Factor Authentication Protocol for Roaming Service in Global Mobile Networks

2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD) Pub Date : 2021-11-24 DOI:10.1109/SNPD51163.2021.9704963

Ya-Fen Chang, Huan-Wen Chen, TingMao Chang, W. Tai

{"title":"Security Analyses of an Anonymous Two Factor Authentication Protocol for Roaming Service in Global Mobile Networks","authors":"Ya-Fen Chang, Huan-Wen Chen, TingMao Chang, W. Tai","doi":"10.1109/SNPD51163.2021.9704963","DOIUrl":null,"url":null,"abstract":"Recently, Gupta and Chaudhari proposed an anonymous two factor authentication protocol for roaming service in global mobile networks. They claimed that their scheme could not only ensure strong user anonymity, mutual authentication and perfect forward secrecy but also resist desynchronization attack, password guessing attack, replay attack, and insider attack. After analyzing their scheme, we find that it suffers from some flaws. First, the foreign agent cannot determine who the home agent is and whether the received request is for itself or not. Second, some operation cannot be executed by the home agent to record the number of authentication failure. Third, the foreign agent cannot determine whether the message received sent by the home agent is for itself or not. Fourth, a malicious user can mount parallel attack to obtain the unauthorized service. In this paper, we will show how these flaws threaten Gupta and Chaudhari’s protocol.","PeriodicalId":235370,"journal":{"name":"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SNPD51163.2021.9704963","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Recently, Gupta and Chaudhari proposed an anonymous two factor authentication protocol for roaming service in global mobile networks. They claimed that their scheme could not only ensure strong user anonymity, mutual authentication and perfect forward secrecy but also resist desynchronization attack, password guessing attack, replay attack, and insider attack. After analyzing their scheme, we find that it suffers from some flaws. First, the foreign agent cannot determine who the home agent is and whether the received request is for itself or not. Second, some operation cannot be executed by the home agent to record the number of authentication failure. Third, the foreign agent cannot determine whether the message received sent by the home agent is for itself or not. Fourth, a malicious user can mount parallel attack to obtain the unauthorized service. In this paper, we will show how these flaws threaten Gupta and Chaudhari’s protocol.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

全球移动网络漫游服务匿名双因素认证协议的安全性分析

最近，Gupta和Chaudhari提出了一种用于全球移动网络漫游服务的匿名双因素认证协议。他们声称，他们的方案不仅可以保证强用户匿名性、相互认证和完善的前向保密，而且可以抵抗去同步攻击、猜密码攻击、重放攻击和内部攻击。通过分析他们的方案，我们发现它存在一些缺陷。首先，外国代理不能确定谁是本国代理，以及所收到的请求是否为自己。第二，某些操作不能被主代理执行，记录身份验证失败的次数。第三，国外代理不能确定接收到的本国代理发送的消息是否是给自己的。第四，恶意用户可以进行并行攻击以获取未经授权的服务。在本文中，我们将展示这些缺陷如何威胁Gupta和Chaudhari的协议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)

自引率

0.00%

发文量