Efficient handover authentication with user anonymity and untraceability for Mobile Cloud Computing

Highlights

• We address a challenging issue of Mobile Cloud Computing technology.

• We propose a new handoff authentication scheme with security and privacy.

• Our proposed mechanism achieves universality, robust security and efficiency.

• Security and performance analysis shows the excellent performance of our scheme.

Abstract

Various wireless communication technologies have been generated and deployed on account of mass requirements. These enable cloud computing with integration with mobility and Mobile Cloud Computing (MCC) becomes the trend of future generation computing paradigm. In this paper, we address a challenging issue of MCC technology—security and privacy of the handover process. We propose a new design of handoff authentication for heterogeneous mobile cloud networks, which provides user anonymity and untraceability. Compared with previous protocols, our proposed mechanism achieves comprehensive features of universality, robust security and efficiency.

Introduction

With the rapid growing of different wireless technologies, such as LTE, CDMA, WiMAX, and WiFi, cloud computing is no longer limited to wire-connected computing devices. Smart phone or tablet becomes the most frequently used computing device. With the distributed computing structure of cloud, using mobile devices to access the cloud will be the next generation computing paradigm. This is also known as Mobile Cloud Computing (MCC). Within the paradigm of MCC, user devices will require roam across heterogeneous access technologies in order to enjoy a seamless connectivity. However, since security policies vary greatly among different networks, security contexts need to be resolved anew upon a vertical handover, which results in efficiency slow-down and induces security risks. Supporting seamless roaming and secure handover in MCC is a challenging task since each access network may have different mobility, Quality-of-Service (QoS) and security requirements. Moreover, real-time cloud applications such as video conferencing and media streaming  [1] have stringent performance requirements on end-to-end delay and packet loss. In order to overcome these performance bounds and provide continuous secure services for mobile clients, it is necessary to design an efficient handover protocol.

Authentication is an important module in the handover protocol. As shown in Fig. 1 (assumed that there is an integrated WiMAX and WiFi networks), regardless of the technology implemented in MCC, a typical heterogeneous handover authentication scenario could come down to involving four entities: mobile clients (MCs), access points (APs) or base stations (BSs), gateway routers (GWs) and the authentication server (AS) which is located at the cloud service provider. Before entering the network, a MC must register to AS. After granted the permission from AS, MC connects to an AP (or a BS) for accessing the network through GW. A MC moves from one AP (or BS) to a new AP (or BS) within the domain of a single wireless access network, which refers to horizontal handover. Conversely, a MC handovers among heterogeneous wireless access networks, which refers to vertical handover. After MC roams to a new AP (or BS), handover authentication should be performed at the new AP (or BS). The AP (or BS) will authenticate the legitimate MC and reject any access request by illegitimate users. At the same time, they will establish a session key between this authenticated MC and AP (or BS) for the purpose of providing confidentiality and integrity of the communication session.

In this paper, we further illustrate the above procedure by considering an integrated WiMAX and WiFi heterogeneous networks, where a WiMAX network is interconnecting with WiFi network through a WiFi interworking Function (WIF)  [2] which is predefined by the WiMAX forum for roaming support. The WIF plays an important role in interfacing WiMAX and WiFi networks, which enables the MC with WiFi network connectivity to access WiMAX network functionality  [3]. In Fig. 1, entities enforcing access control are authenticators that refer to an Access Service Network-Gateway (ASN-GW) or AP. An ASN-GW controls multiple BSs and takes charge of forwarding authentication messages between the MC and the AS residing in the Cloud Service Provider (CSP). Considering the security, we assume that secure transmission protocols have been used in all the entities containing AS, ASN-GW, BS, WIF and AP to maintain mutual trusted relations and establish connections.

There are two major practical issues on designing a handover authentication protocol in MCC:

• First, security and privacy are two major concerns for the handover authentication process. For privacy, mobile clients may prefer to keep their identities and location hidden. It is a notable issue in wireless networks since roaming protocols may expose users’ identities and locations at the user authentication phase. Identity privacy is relevant to the MC when it sends authentication request (which includes its identity). A robust and privacy-preserving scheme is therefore essential to resist any adversary from getting the identity of the authenticated user. On the other side, location privacy is relevant to the AP or BS when MC has accessed with it, since any attacker can trace MC’s movement route. Therefore, user anonymity and untraceability should be paid more attention to in the handover protocol.

• Second, efficiency also needs to be intensively considered for handover authentication service. This is of great importance for guaranteeing service continuity and QoS, which means low latency and low packet loss when a MC is handovering to another network  [4]. Since either MCs or APs are generally constrained by power and processing capability, an efficient handover authentication protocol should be essential. Furthermore, such a protocol must be able to maintain persistent connectivity between MCs and APs.

There are several authentication protocols proposed in some literature for the purpose of achieving a secure and efficient handover authentication in a heterogeneous network  [3], [5], [6], [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18], [19]. However, most of these existing authentication protocols ultimately turn out to have a few drawbacks, which we divide into following aspects:

• Interact with AS during mutual authentication or need the participation of third parties, such as home AP/BS;

• Cannot provide a privacy protection mechanisms even they may have serious security flaws;

• Incur high authentication costs and low efficiency, which cannot achieve the requirement of seamless handover; and

• Complex design of schemes results in suffering weakness on universality.

Kwon et al.  [5] presents a USIM based authentication test-bed implemented for the UMTS-WLAN handover. The performance of full authentication and fast re-authentication in terms of procession time are analyzed and compared. However, there is no detailed description about fast authentication and handover authentication. The performance about fast re-authentication does not meet the requirement of delay-sensitive application. In  [6], the authors presented a pre-authentication based scheme for WiFi and WiMAX integrated network. It generates MSKs (master session keys) when a user initially logs in network, and transmits the MSK to the target network where necessary. By executing pre-authentication scheme, the handover process is simplified to become localized authentication and requires merely message flows between the MC and target BSs/APs without involving the AS. In  [7], Sun et al. also presented a pre-authentication based secure and efficient handover schemes for WiFi and WiMAX heterogeneous networks. The adoption of key reuse in this scheme decreases the processing time of key re-generation during handover process and even avoids the frequent handovers between two BSs  [8]. Nevertheless, the performance analysis shows that both schemes might still undergo lengthy authentication when MSK misses or the MC moves to a target BS/AP that does not receive the key, which results in serious authentication latency. In  [9], the authors proposed a one-pass AKA Authentication in 3G-WLAN integrated networks, which reduces the authentication costs by using an International Mobile Subscriber Identity–IP Multimedia Private Identity pair. Unfortunately, security analysis shows that the users are vulnerable to potential spoofing attacks by rogue third party application vendors  [20].

Five fast and secure re-authentication protocols for 3GPP subscribers to perform handovers between the WiMAX and the WLAN systems have been proposed in  [11], which takes advantage of key reuse and avoids contacting AS in the 3GPP networks during the handovers. Here ‘key reuse’ means that a key stored in a previously visited network is reused for re-authentication while the user re-visits the network, thus it speeds up the key re-generation process and reduces the authentication cost. Although this scheme can achieve an outstanding performance in terms of the key reuse trait and the re-authentication delay compared with the current 3GPP standard protocols  [2] and can provide several security features including forward and backward secrecy, it can only support single-hop communications between a MC and AP/BS and the re-authentication processing time unable to satisfy the requirement of real-time applications. The scheme by  [3] presents a fast authentication for WiMAX–WLAN integrated network with the assumption that the AS has robust security features. The authors use the AS to ensure the handover security. By adopting the localized authentication concept and utilizing the approach of pre-authentication, it can avoid suffering a longer delay. However, since the AS is normally located far away from the BS/AP, it may incur accident to degrade the system performance such as a connection loss between the BS/AP and the AS.

Recently, a fast and secure handover authentication scheme based on ticket for WiMAX and WiFi heterogeneous networks has been proposed in  [14]. The MC and the target BS/AP can complete the mutual authentication and derive their session key by a credential ticket generated by the previously visited BS/AP without interacting with AS. By executing such local authentication which significantly reduces the handover authentication delay. Nevertheless, it does not provide a privacy protection and has weakness on universality.

Regarding privacy, unfortunately all the above schemes have provided no privacy protection measures and no universality for various networks. In  [15], a universal authentication protocol with strong user anonymity for wireless communication networks was proposed by Yang et al. It is based on group signature and only requires three message flaws between the roaming MC and the foreign BS/AP during handover. Though this protocol can assure user anonymity and provide a practical user revocation mechanism, it still fails to provide user untraceability  [21] and the protocol may become time-wasting and power-consuming when the number of revoked users is large. Cao et al.  [16] proposed an unified ID-based cryptography handover authentication scheme without pairing operation for heterogeneous access networks. The handover authentication is executed between a MC and the target AP without the third party. Although the authors claim that their scheme achieves user anonymity, the identity of the MC may still be exposed to attackers, since the real identity is passed in plaintext when the MC requests handover authentication to the target AP. Therefore, the scheme cannot achieve real user anonymity and untraceability. Very recently, Liu et al.  [19] proposed a time-bound anonymous authentication protocol for roaming network. Similar to  [15], it is based on group signature with time information embedded into the signature. By doing so, revoked users can be classified into natural revoked (expired user) and obliged revoked. Yet user untraceability is not yet feasible.

Taking into account the above analysis, users are unwilling to accept such service which always fails to provide appropriate security and efficiency guarantees. Thus, providing a practical handover authentication with efficiency and user privacy scheme becomes a notable issue in the MCC context. In this paper, taking the advantage of an identity-based elliptic curve algorithm in  [22], we propose a new universal efficient handover authentication with user anonymity and untraceability for MCC. Our proposed scheme can be distinguished from previous works and the merits can be summarized in several aspects:

• No extra third party. Except both the MC and the BS/AP, there is no additional participation of any third party during the handover authentication, such as AS or home AP/BS.

• Simple in design. We need only one handover authentication protocol to handle various heterogeneous network scenarios.

• Universality. The protocol is universal in the sense that the same protocol can be used appropriately for different heterogeneous network.

• User anonymity and untraceability. In order to satisfy the requirement of modern society, our protocol supports user anonymity and untraceability.

• Robust security and efficiency. On the basis of a robust security, our protocol enjoys high efficiency in authentication performance compared with existing schemes.

The remaining part of this paper is organized as follows. Section  2 discusses the security requirements and introduces the elliptic curve group. Section  3 presents our scheme and Section  4 analyzes the security and performance of our scheme. We conclude the paper in Section  5.