Recently, user authentication schemes for mobile devices have become increasingly critical. Because of wide use, numerous services for mobile devices are provided, and will continue to be required in the future. Occasionally, users must log on to a server to obtain services, and the server must authenticate that user. Because device resources, such as batteries, are always limited, the authentication scheme must be effective and secure. Recently, Mun et al. proposed their protocol to address this concern, claiming that their more effective scheme overcomes the weaknesses of previously proposed schemes. However, we determined that Mun et al.'s scheme is still sensitive to a masquerade attack and a man-in-the-middle attack, and fails to realize anonymity and prefect forward secrecy. In this field, we propose a novel scheme, which only uses one-way hash functions and exclusive-OR operations to implement user authentication for roaming services. The proposed scheme both solves the problems of Mun et al.'s scheme and be more effective.

• 出版日期2017-6