AMAPG: Advanced Mobile Authentication Protocol for GLOMONET

Abstract

Roaming is when the mobile user goes out of his/her home agent network coverage and loses its signal. Loss of coverage and signals may be limited to a remote area or may occur when mobile user leaves the country and moves to a country where his/her mobile carrier network is not available. In this case, the mobile device is in roaming mode. In this mode, mobile user through connection to a Foreign Agent can still use its home agent services if his/her authentication be successful. In such situations, the authentication mechanism plays a key and important role, where the mobile user often needs to integrate and secure roaming service over multiple foreign agents. Designing a secure mechanism in Global Mobility Network (GLOMONET) is a difficult and complex task due to the computational and processing limitations of most mobile devices, as well as the wireless nature of communication environment. Unfortunately, most of the authentication schemes that have been proposed so far to meet this goal have failed to achieve their goal. In this line, Shashidhara et al. recently reported security vulnerabilities of Xu et al.'s mobile authentication scheme, and also presented an amended version of it. This paper shows that this proposed scheme has security flaws against impersonation, traceability, forward secrecy contradiction, and stolen smart card attacks, which implies that this protocol may not be a proper choice to be used on GLOMONET. On the other hand, we propose AMAPG, as a cost-efficient remedy version of the protocol which provides desired security against various attacks and also prove its security using BAN logic. We also evaluate AMAPG's security using Scyther as a widely used formal tool to evaluate the security correctness of the cryptographic protocols.