A Privacy and Delegation Enhanced User Authentication Protocol for Portable Communication Systems

Abstract

In 2005, a delegation-based authentication protocol for portable communication systems was proposed by Lee and Yeh. The major merits include: 1. the identity of mobile user is not exposed over an open network; 2. the mobile user can construct the digital signature for roaming service requests by himself; 3. the protocol satisfies secrecy, authenticity, data integrity, and non-repudiation properties; 4. the mutual authentication between the mobile user (MS) and the visited location register (VLR) is satisfied; and 5. the computation and communication cost is low. Later, Lee et al. showed that a valid malicious VLR can trick the home location register (HLR) by forging authentication messages and overcharging the service fee in Lee-Yeh’s protocol. At the same time, Lee et al. proposed an improved method to enhance the security and the efficiency. The intentions of this paper include: 1. to demonstrate that both Lee-Yeh and Lee et al.’s protocols do not keep the privacy of MS actually; 2. to show that the overcharge problem still exists in Lee et al.’s protocol; and 3. to propose a new method which can enhance the delegation and security level and keep the privacy and the efficiency of MS.