Formal Security-Proved Mobile Anonymous Authentication Protocols with Credit-Based Chargeability and Controllable Privacy
Smart mobile phones are widely popularized and advanced mobile communication services are provided increasingly often, such that ubiquitous computing environments will soon be a reality. However, there are many security threats to mobile networks and their impact on security is more serious than that in wireline networks owing to the features of wireless transmissions and the ubiquity property. The secret information which mobile users carry may be stolen by malicious entities. To guarantee the
... quality of advanced services, security and privacy would be important issues when users roam within various mobile networks. In this manuscript, an anonymous authentication scheme will be proposed to protect the security of the network system and the privacy of users. Not only does the proposed scheme provide mutual authentication between each user and the system, but also each user's identity is kept secret against anyone else, including the system. Although the system anonymously authenticates the users, it can still generate correct bills to charge these anonymous users via a credit-based solution instead of debit-based ones. Furthermore, our protocols also achieve fair privacy which allows the judge to revoke the anonymity and trace the illegal users when they have misused the anonymity property, for example, if they have committed crimes. Finally, in this paper, we also carry out complete theoretical proofs on each claimed security property. Appl. Sci. 2016, 6, 176 2 of 31 around  . The more information the eavesdroppers know, the less security and privacy the mobile users preserve. Sometimes the vicious insiders of the system operator would disclose the classified information of mobile users. Any system without maintaining user privacy will not be acceptable in the future  . There exist some weaknesses on user privacy in the existent 2G mobile network system. Each mobile user's alias, TMSI, can be linked to her/his real identity, IMSI, by attackers when the VLR requests her/him to retransmit her/his IMSI. The 2G mobile network also has no design for satisfying mutual authentication and protecting the users' privacy against the system operator. A mobile user may be cheated by some fake base stations in a mobile network system due to lack of mutual authentication. Although the 3G system has provided mutual authentication, the privacy or anonymity of mobile users has not been sufficiently considered yet. Most of the proposed authentication schemes [6-12] which emphasize the privacy of mobile users usually assign an anonymous identity to each user. A mobile user will obtain an anonymous identity after she/he is successfully authenticated by the system operator, and she/he will take this valid alias to roam over the mobile networks. The eavesdroppers do not know the relation between her/his real identity and alias, but the system operator can derive the relation. To protect the user's privacy perfectly, we hope that anyone else, even the system operator, cannot derive such relations either. Owing to the unlinkability property, the technique of blind signatures  can help us with realizing complete anonymity for mobile users. Another problem is that once a mobile user gets anonymity, how can the system operator charge her/him when she/he requests the mobile network services via an anonymous identity? Especially, how can the system charge the user via a credit-based way, which is the most commonly-used billing solution and has been accepted by almost all of the mobile users? Further more, if there is some mobile user who misused the anonymity property to commit crimes, how can the judge handle it? All of the current solutions cannot cope with all of the above problems at the same time. In our solution, every mobile user is anonymous from the system operator and any other person's point of view when she/he is accessing the mobile network resources. Furthermore, the system operator can charge the mobile user according to the communication time the user consumed via a credit-based way. Moreover, we also consider the issue of fair privacy. The privacy of the mobile users who misused the anonymity property can be revoked by the judge, and the police can trace the criminals who have gotten anonymity. This is the property of fair privacy. We simultaneously realize the anonymity, credit-based chargeability, and fair privacy (revokeability and traceability) in our proposed authentication protocols for mobile communications. We produced a related work  which introduced the basic idea of this research. In this manuscript, we proposed more security features: Unlinkability, Unforgeability, Tamper Resistance, Swindling Resistance, Secure Mutual Authentication, and Secure Authenticated Key Exchange. Furthermore, the formal security proofs guarantee the security strength of the proposed system. Besides, we also did implementation to show the practical computation cost on cellphone. Some Requirements for Anonymous Authentication In mobile network environments, we need the following requirements for anonymous authentication.