Authors: Xiaoying Jia, Min Luo, Kim-Kwang Raymond Choo, Li Li, Debiao He
Title: OBFP: A Redesigned Identity-Based Anonymous Authentication Scheme for Mobile Edge Computing
Journal: IEEE Internet of Things Journal

Abstract: Ensuring the security and privacy of users and data in a mobile edge computing (MEC) deployment, without affecting performance, latency and and user quality of experience remains challenging. For example, in this paper we revisit an identity-based anonymous authentication scheme designed for MEC deployment. Then, we reveal that the scheme is vulnerable to impersonation, replay and denial of service (DoS) attacks, contrary to their claims. It also does not achieve user un-traceability, and the registration center must be online during authentication. We also observe that it is unclear from their scheme description, what encryption algorithm should be used in the authentication process. Therefore,   we redesign the scheme in order to mitigate the weaknesses pointed out. Our redesigned protocol uses password and biometrics for authentication, which broadens the scope for real-world implementation. We also provide both formal security proof and heuristic security analysis to demonstrate that the proposed scheme achieves the desired security goals. A performance comparison shows that our scheme outperforms four other competing schemes in terms of computation and communication costs.