Security and Efficiency Enhancement of Robust ID Based Mutual Authentication and Key Agreement Scheme Preserving User Anonymity in Mobile Networks

With the rapid development of wireless communication technologies, mobile networks will enable users to use personal mobile devices to access various network information services at anytime and anyplace. Recently, Lu et al. proposed a dynamic ID based mutual authentication and key agreement scheme using elliptic curve cryptography (ECC) which attempts to support better security properties and resists various well-known security attacks. However, we introduce some design flaws in Lu et al.’s scheme, such as server impersonation attacks by launching stolen-verifier attacks. Besides, their authentication scheme is unable to preserver user anonymity and the performance of authentication and key agreement phase is inefficiency. As a remedy, the main contribution of this study is to design an improved and efficient ECC-based authentication scheme with privacy protection. We analyze its security and performance, proving that our improved scheme not only prevents security weaknesses on Lu et al.’s scheme, but also enhances system efficiency such that it can be implemented to more electronic applications in mobile communication networks.