Secure anonymous authentication protocol with unlinkability for mobile wireless environment

Abstract

In the past couple of years, user privacy has become one of the major information security concerns for mobile device users when Internet access is available through mobile wireless environment. Several anonymous authentication protocols for mobile wireless environment have been proposed to meet mobile user requirements on security and privacy. In 2011, Li et al. showed that the authentication scheme proposed by Xu and Feng did not provide user unlinkability and has time synchronization problem. They also proposed an enhanced authentication protocol. This study reveals that the scheme of Li et al. is vulnerable to de-synchronization attack and time synchronization problem. A new anonymous authentication protocol for mobile wireless environment is introduced to immunize de-synchronization attack and avoid time synchronization issue. In addition, user privacy is achieved by supporting user unlinkability in the proposed protocol. Security analyses show that the proposed protocol is able to defend against major attacks on user authentication.