Anonymous Mobile User Authentication Protocol
Rapid advances in wireless communication technologies have paved the way for a wide range of mobile devices to become increasingly ubiquitous and popular. Mobile devices enable anytime, anywhere access to the Internet. The fast growth of many types of mobile services used by various users has made the traditional single-server architecture inefficient in terms of its functional requirements. To ensure the availability of various mobile services, there is a need to deploy multi-server architectures. To ensure the security of various mobile services applications, the Anonymous Mobile User Authentication (AMUA) protocol without online registration using the Self-Certified Public Key Cryptography (SCPKC) for multi-server architectures was proposed in the past. Anonymous Mobile User Authentication Protocol
However, most of past AMUA solutions suffer from malicious attacks or have unacceptable computation and communication costs. To address these drawbacks, we propose a new AMUA protocol that uses the SCPKC for multi-server architectures. In contrast to existing AMUA protocols, our proposed AMUA protocol incurs lower computation and communication costs. By comparing with two of the latest AMUA protocols, the computation and the communication costs of our protocol are at least 74.93% and 37.43% lower than them respectively. Moreover, the security analysis of our AMUA protocol demonstrates that it satisfies the security requirements in practical applications and is provably secure in the novel security model. By maintaining security at various levels, our AMUA protocol is more practical for various mobile applications.
Software Requirements: –
Front End: HTML5, CSS3, Bootstrap
Back End: PHP, MYSQL
Control End: Angular Java Script
Android SDK – adt-bundle-windows-x86
IDE: Eclipse Mars
The computation cost associated with these protocols is not acceptable for most practical applications:
It is well known that mobile devices are resource constrained in terms of storage and computation capabilities. However, the mobile device in these protocols has to execute the bilinear paring operation and the map-to point hash operation which are two of the most complex operations in modern public key cryptography.
The security analyses of these protocols are weak:
Most of the authors of previously proposed protocols presented only a preliminary analysis of the protocols but they did not present any evaluation with any provable security model. Hence, these protocols can have various vulnerability issues leading to a number of serious attacks.
Important functions or security attributes are not
supported by these protocols:
Several important functions such as key establishment and user anonymity, and security attributes such as two factor security and no verifier table are not considered in the design of these protocols. These limited functionalities prevent their deployment in various real-time applications. It remains a significant challenge to construct an AMUA protocol with better efficiency and security for multi-server architectures to protect the authorized users’ rights for various practical mobile applications.
- First, we present a new AMUA protocol for multiserver architectures using the SCPKC. To improve performance at the user end, neither bilinear pairing operation nor map-to-point hash operation is involved in the proposed AMUA protocol.
- Second, we perform an in-depth security analysis to show the proposed AMUA protocol is provably secure and can satisfy the security requirements of multi-server architectures.
- Finally, we analyze the performance of the proposed AMUA protocol to show that it incurs lower computation and communication costs than previously proposed AMUA protocols.
- Set server password
- Change password
- Upload file
- Generate ID & Key.
- Approval change password.
User enters this system and register with own details.
User can login this system after they can view home page.
- Set Server password:
User can login this system after they can set their own password to each server.
- Change password:
User can login this system after they can view home page to select the change password.
- Upload File:
User can enter this system after they can upload their files into their server.
- Generate ID & Key:
When user register after admin can only generate id and hash key.
- Approval change password:
Admin can only give approval for change password.