A Redesigned Identity-Based Anonymous Authentication Scheme for Mobile-Edge Computing

Ensuring the security and privacy of users and data in a mobile-edge computing (MEC) deployment, without affecting performance, latency and user quality of experience remain challenging. For example, in this article, we revisit an identity-based anonymous authentication scheme designed for MEC deployment. Then, we reveal that the scheme is vulnerable to impersonation, replay, and Denial-of-Service (DoS) attacks, contrary to their claims. It also does not achieve user untraceability, and the registration center must be online during authentication. We also observe that it is unclear from their scheme description, what encryption algorithm should be used in the authentication process. Therefore, we redesign the scheme in order to mitigate the weaknesses pointed out. Our redesigned protocol uses password and biometrics for authentication, which broadens the scope for real-world implementation. We also provide both formal security proof and heuristic security analysis to demonstrate that the proposed scheme achieves the desired security goals. A performance comparison shows that our scheme outperforms four other competing schemes in terms of computation and communication costs.