Cryptanalysis of an Anonymous Mutual Authentication Scheme for Secure Inter-device Communication in Mobile Networks

  • Tsu-Yang Wu
  • Weicheng Fang
  • Chien-Ming Chen
  • Guangjie Wang
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 81)


Anonymous authentication allows one entity to be authenticated by another without revealing its identity information. In mobile networks, mobile devices communicate with each other to exchange resources. To achieve anonymous mutual authentication, the devices are anonymously authenticated under a trusted server. Recently, Chung et al. proposed an efficient anonymous mutual authentication scheme for inter-device communication using only low-cost functions, such as hash functions and exclusive-or operations. However, we find that their protocol does not preserve the user's privacy in terms of untraceability. Their protocol is also vulnerable to a denial of service attack and a user impersonation attack.


Anonymity, Mutual authentication, Privacy, Mobile network



The work of Chien-Ming Chen was supported in part by the Project NSFC (National Natural Science Foundation of China) under Grant number 61402135 and in part by Shenzhen Strategic Emerging Industries Program under Grants No. ZDSY20120613125016389.


  1. Zhang, Z., Yang, K., Hu, X., Wang, Y.: Practical anonymous password authentication and tls with anonymous client authentication. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1179–1191. ACM (2016)
  2. Shin, S., Kobara, K.: Simple anonymous password-based authenticated key exchange (sapake), reconsidered. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 100, 639–652 (2017)
  3. Tsang, P.P., Smith, S.W.: Ppaa: peer-to-peer anonymous authentication. In: International Conference on Applied Cryptography and Network Security, pp. 55–74. Springer (2008)
  4. Lu, L., Han, J., Liu, Y., Hu, L., Huai, J.P., Ni, L., Ma, J.: Pseudo trust: Zero-knowledge authentication in anonymous p2ps. IEEE Trans. Parallel Distrib. Syst. 19(10), 1325–1337 (2008)
  5. Wang, F., Xu, Y., Zhang, H., Zhang, Y., Zhu, L.: 2flip: a two-factor lightweight privacy-preserving authentication scheme for vanet. IEEE Trans. Veh. Technol. 65(2), 896–911 (2016)
  6. Chen, C.M., Li, C.T., Liu, S., Wu, T.Y., Pan, J.S.: A provable secure private data delegation scheme for mountaineering events in emergency system. IEEE Access 5, 3410–3422 (2017)
  7. Chen, C.M., Fang, W., Wang, K.H., Wu, T.Y.: Comments on an improved secure and efficient password and chaos-based two-party key agreement protocol. Nonlinear Dyn. 87, 1–3 (2016)
  8. Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 2, 61–65 (2016)
  9. Chen, C.M., Wang, K.H., Wu, T.Y., Pan, J.S., Sun, H.M.: A scalable transitive human-verifiable authentication protocol for mobile devices. IEEE Trans. Inf. Forensics Secur. 8(8), 1318–1330 (2013)
  10. Chen, C.M., Chen, S.M., Zheng, X., Yan, L., Wang, H., Sun, H.M.: Pitfalls in an ecc-based lightweight authentication protocol for low-cost rfid. J. Inf. Hiding Multimedia Sig. Process. 5(4), 642–648 (2014)
  11. Zhao, D., Peng, H., Li, L., Yang, Y.: A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wirel. Pers. Commun. 78(1), 247–269 (2014)
  12. Gope, P., Hwang, T.: Enhanced secure mutual authentication and key agreement scheme preserving user anonymity in global mobile networks. Wirel. Pers. Commun. 82(4), 2231–2245 (2015)
  13. Wang, E.K., Cao, Z., Wu, T.Y., Chen, C.M.: Mapmp: a mutual authentication protocol for mobile payment. J. Inf. Hiding Multimedia Sig. Process. 6(4), 697–707 (2015)
  14. Shin, S., Yeh, H., Kim, K.: An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks. Peer-to-peer Netw. Appl. 8(4), 674–683 (2015)
  15. Farash, M.S., Chaudhry, S.A., Heydari, M., Sadough, S., Mohammad, S., Kumari, S., Khan, M.K.: A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int. J. Commun. Syst. (2015)
  16. Chung, Y., Choi, S., Won, D.: Anonymous mutual authentication scheme for secure inter-device communication in mobile networks. In: International Conference on Computational Science and Its Applications, pp. 289–301. Springer (2016)

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Tsu-Yang Wu (1, 2)
  • Weicheng Fang (3)
  • Chien-Ming Chen (3)
  • Guangjie Wang (3)

  1. Fujian Provincial Key Laboratory of Big Data Mining and Applications, Fujian University of Technology, Fuzhou, China
  2. National Demonstration Center for Experimental Electronic Information and Electrical Technology Education, Fujian University of Technology, Fuzhou, China
  3. Harbin Institute of Technology Shenzhen Graduate School, Shenzhen, China
