The concept of anonymous channel ticket is one of the effective measures to protect user privacy and to reduce the overhead of re-authentication for wireless environments. Most recently, Hsieh et al. proposed an anonymous authentication protocol based on elliptic curve cryptography to enhance the efficiency and security strength. However, we identify that Hsieh et al.'s scheme has four weaknesses. (1) The scheme fails to provide identity anonymity. (2) The ticket authentication phase of the scheme suffers from desynchronization attack. (3) The scheme is vulnerable to the privileged insider attack. (4) Users cannot change passwords when required. We further propose an improved authentication scheme, which not only preserves the merits of the scheme of Hsieh et al., but also enjoys several other advantages. Our improved scheme is effective in protection from the weaknesses identified and achieves user anonymity and unlinkability. We compare the functionality and performance of our improved scheme with other related schemes, which indicates that our scheme is more secure and yet efficient for wireless access networks.

• 出版日期2014-7
• 单位中国科学技术信息研究所; 西安电子科技大学