Identity-based anonymous remote authentication for value-added services in mobile networks

Abstract

Based on identity-based cryptography, this paper proposes a remote authentication protocol featured with client anonymity, nonrepudiation, and improved efficiency for value-added services in a mobile environment. First, an identity-based signature scheme is proposed, and the verification result of the signature is a constant with respect to the signer's identifier. Then, a remote authentication protocol is constructed by combining the proposed signature scheme with a new concept called the client account index, which helps to realize client anonymity with no encryption operations. A formal proof and a theoretical analysis are provided to show the security strength of the proposals. Performance evaluation shows that compared with previous identity-based remote authentication schemes, the new protocol reduces at least 21.7% of the overall running time with stronger security; the reductions in the overall running time and signaling traffic reach 31.9% and 82.0%, respectively, compared with previous Rivest-Shamir-Adleman-based schemes. © 2009 IEEE.