Anonymous roaming authentication protocol for wireless network with backward unlinkability, exculpability and efficient revocation check

Secure seamless roaming in a wireless network is desirable in today's highly dynamic world. Providing revocation and nontraceability in an efficient two-party roaming authentication protocol is a challenging task. Conventional two-party protocols utilize pseudo-identities or group signature with revocation tokens to support non-traceability and strong user anonymity. Among the group signature based authentication schemes, only Priauth scheme has non-traceability or backward/forward unlinkability and the mobile user does not have to do any computation after each revocation. Despite all the advantages, Priauth scheme does not support exculpability or in other words the home server knows the group signing key of the mobile user. In case of dispute, the mobile user can deny that it generated signature because the mobile user and the home server both know the signing key of the mobile user. Thus, the mobile user cannot be held accountable. Moreover, Priauth has high revocation cost due to pairing operation performed for each revoked token in the revocation list during revocation checking at the foreign server. In addition, the existing group signature based authentication schemes are not provably secure in the random oracle model. We propose a provably secure two-party authentication protocol using group signature scheme which overcomes the weaknesses of Priauth scheme by supporting exculpability, backward unlinkability and using exponential operation instead of costlier pairing operation during revocation checking.