Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

Mojtaba Alizadeh; Mazdak Zamani; Sabariah Baharun; Azizah Abdul Manaf; Kouichi Sakurai; Hiroaki Anada; Hassan Keshavarz; Shehzad Ashraf Chaudhry; Muhammad Khurram Khan

doi:10.1371/journal.pone.0142716

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

PLoS One. 2015 Nov 18;10(11):e0142716. doi: 10.1371/journal.pone.0142716. eCollection 2015.

Authors

Mojtaba Alizadeh^{1

2}, Mazdak Zamani³, Sabariah Baharun², Azizah Abdul Manaf⁴, Kouichi Sakurai¹, Hiroaki Anada, Hassan Keshavarz², Shehzad Ashraf Chaudhry⁵, Muhammad Khurram Khan⁶

Affiliations

¹ Faculty of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan.
² Malaysia-Japan International Institute of Technology, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia.
³ Department of Computer Science, Kean University, Union, New Jersey, United States of America.
⁴ Advanced Informatics School, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia.
⁵ Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan.
⁶ Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia.

Abstract

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes' participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.'s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.'s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

Publication types

Research Support, Non-U.S. Gov't

MeSH terms

Cell Phone
Computer Communication Networks*
Computer Security*
Humans
Internet*
Telemedicine*

Grants and funding

This work was supported by Malaysia-Japan International Institute of Technology (MJIIT) center at Universiti Teknologi Malaysia, Japan Student Services Organization (JASSO), and Sakurai Lab, Graduate School and Faculty of Information Science and Electrical Engineering, Kyushu University, Fukuoka Japan. Muhammad Khurram Khan extends his sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding for the Prolific Research Group (PRG-1436-16). Authors acknowledge support from Malaysia-Japan International Institute of Technology (MJIIT) center at Universiti Teknologi Malaysia, Japan Student Services Organization (JASSO), and Kyushu University, Fukuoka Japan.