An Anonymous Authentication Protocol with Chargeability and Fair Privacy for Mobile Network Environments

Huang, Shi-Ming

26 July 2006

Mobile network equipments are widely popularized and advanced mobile communication services are provided increasingly such that ubiquitous computing environments will come true soon. It is a pleasure for mobile users to work or get recreations in the mobile network environments. However, just as the cases in wireline environments, there are a lot of security threats to mobile network systems and their impact on the security is more serious than that in wireline environments owing to the feature of wireless transmissions and the ubiquity property in mobile network systems. The secret personal information, important data, or classified missives which mobile users carry may be stolen by malicious entities. In order to guarantee the quality of the advanced communication services, the security and privacy would be the important issues when mobile users roam to the mobile networks. In this thesis, an anonymous authentication protocol will be proposed to protect both the security of the mobile network system and the privacy of mobile users. Not only does the proposed scheme provide mutual authentication between each user and the system, but also the identity of each user can be kept secret against anyone else including the system. Although the users are anonymously authenticated by the system, it can still make correct bills to charge these anonymous users. Finally, our protocol also achieves the goal of fair privacy which allows the judge to be able to revoke the anonymity and trace the illegal users when they misused the anonymity property such as they committed crimes.

Fair privacy

Cryptography

Mobile networks

Ubiquitous computing

Mutual authentication

Anonymity

Provably Secure Privacy Mechanism for Authentication, Billing and Payment in Mobile Communications

Shi-Ming, Vincent

23 August 2010

Mobile communication is very mature today due to the powerful computation and communication capabilities of mobile devices, the flourishing of mobile networks, the popularity of electronic commerce, and the completeness of e-payment mechanisms. It is a pleasure for mobile users to roam around the mobile networks and enjoy the mobile network services. However, there are a lot of security threats in the mobile networks, and thus we need an anonymous mutual authentication and key exchange scheme to guarantee the security and privacy for mobile users in the networks. A payment protocol is also required for charging the mobile users after using the mobile services. However, the existing payment schemes do not support anonymity and credit-based chargeability at the same time. In this dissertation, we propose a secure authentication scheme such that the mobile users can be anonymously authenticated by the system and the system can still make correct charge to these anonymous mobile users via a credit-based way simultaneously. We also propose a novel e-cash scheme which can support each mobile user to withdraw a generic e-cash and decide to spend it as an on-line e-cash or an off-line e-cash according to the payment requirement of the anonymous authentication scheme. Our proposed schemes are convenient and flexible for the mobile users, the system operator, and the bank. Besides, full privacy can be achieved for mobile users owing to the combination of our proposed schemes, which can be performed in current mobile devices efficiently with few battery energy consumptions. Furthermore, we provide anonymity control, no swindling, tamper resistance, secure mutual authentication, secure key exchange, and secure forward secrecy in the proposed anonymous authentication scheme and the e-cash scheme, where these security features are demonstrated by formal security models and theoretical proofs.

Electronic Commerce

Mobile Networks

Electronic Payment

Off-Line E-Cash

Anonymity

Fair Privacy

Ubiquitous Computing

Mutual Authentication

Blind Signatures

On-Line E-Cash