隨著行動通訊技術的快速發展，使用者能透過行動裝置於各地使用漫遊服務(roaming service)。由於漫遊服務具有行動性之特質，因此如何在安全與保護使用者隱私的前提下，透過本地代理鑑別合法使用者便為相當重要的議題。此外在鑑別行動用戶的同時，本地代理如何防禦攻擊者透過外地代理發動資源消耗型阻斷式服務攻擊則是另一項重要議題。本論文提出基於用戶端難題(client puzzles)之匿名漫遊鑑別機制，本機制除能提供行動用戶匿名漫遊鑑別機制中所需之安全需求外，透過結合用戶端難題，本機制能有效增加攻擊者發動資源消耗型阻斷式服務攻擊擊潰本地代理所需成本，爭取修復時間。

With the fast development of mobile communication technology, mobile clients can obtain the services provided by the home network when she roams into a foreign network. Recently, due to the dynamic nature and vulnerable-to-attack structure of mobility networks, some secure authentication schemes have been proposed. Although there are many security requirements have been proposed in those scheme, none of them mentioned about how to resist DoS attack in roaming authentication scheme.
In this paper, we review some security weakness in those schemes. Moreover, by using client puzzles, we then propose a new roaming authentication scheme that not only can provide the security requirements of the previous related scheme but also can resist DoS attack for roaming service in global mobility networks.

[1] S. S. Al-Riyami and K. G. Paterson, “Certificateless public key cryptography,” 9th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, 2003, vol. 2894, pp. 452-473.
[2] T. Aura, P. Nikander, and J. Leiwo, “DOS-resistant authentication with client puzzles,” 13th International Workshop on Security Protocols, Cambridge, UK, 2001, vol. 2133, pp. 170-177.
[3] V. Bocan, “Threshold puzzles: the evolution of DOS-resistant authentication,” Automatic Control and Computer Science, vol. 49, no. 6, pp. 1-6, 2004.
[4] Y. Chung, S. Choi, Y. Lee, and D. Won, “Security enhanced unlinkable authentication scheme with anonymity for global mobility networks,” 14th Mobile, Ubiquitous, and Intelligent Computing Lecture Notes in Electrical Engineering, Gwangju, Korea, 2014, vol. 274, pp. 535-540.
[5] Y. Chung, Y. Lee, and D. Won, “Improved authentication scheme with anonymity for roaming service in global mobility networks,” 8th Grid and Pervasive Computing International Conference Lecture Notes in Computer Science, Seoul, Korea, 2013, vol. 7861, pp. 752-760.
[6] D. He, J. Bu, S. Chan, C. Chen, and M. Yin, “Privacy-preserving universal authentication protocol for wireless communications,” IEEE Transactions on wireless communications, vol. 10, no. 2, pp. 431-436, 2011.
[7] D. He, C. Chen, J. Bu, S. Chan, and Y. Zhang, “Security and efficiency in roaming services for wireless networks: challenges, approaches, and prospects,” IEEE Communications Magazine, vol. 51, no. 2, pp. 142-150, 2013.
[8] D. He, C. Chen, S. Chan, and J. Bu, “Strong roaming authentication technique for wireless and mobile networks,” International Journal of Communication Systems, vol. 26, no. 8, pp. 1028-1037, 2013.
[9] D. He, M. Ma, Y. Zhang, C. Chen, and J. Bu, “A strong user authentication scheme with smart cards for wireless communications,” Computer Communications, vol. 34, no. 3, pp. 367-374, 2011.
[10] J. Hu, H. Xiong, and Z. Chen, “Further improvement of an authentication scheme with user anonymity for wireless communications,” International Journal of Network Security, vol. 14, no. 5, pp. 297-300, 2012.
[11] W. Jeon, Y. Lee, and D. Won, “An efficient user authentication scheme with smart cards for wireless communications,” International Journal of Security and Its Applications, vol. 7, no. 4, pp. 1-16, 2013.
[12] A. Juels and J. Brainard, “Client puzzles: a cryptographic countermeasure against connection depletion attacks,” 6th Networks and Distributed Security Systems, San Diego, USA, 1999, pp. 150-165.
[13] J. S. Kim and J. Kwak, “Improved secure anonymous authentication scheme for roaming service in global mobility networks,” International Journal of Security and Its Applications, vol. 6, no. 3, pp. 45-54, 2012.
[14] V. Laurens, A. E. Saddik, and A. Nayak, “Requirements for client puzzles to defeat the denial of service and the distributed denial of service attacks,” The International Arab Journal of Information Technology, vol. 3, no. 4, pp. 326-333, 2006.
[15] C. T. Li and C. C. Lee, “A novel user authentication and privacy preserving scheme with smart cards for wireless communications,” Mathematical and Computer Modelling, vol. 55, no. 1-2, pp. 35-44, 2012.
[16] G. Price, “A general attack model on hash-based client puzzles,” 9th The Institute of Mathematics and its Applications Conference on Cryptography and Coding, Cirencester, UK, 2003, vol. 2898, pp. 319-331.
[17] N. J. Princeton and M. A. Bedford, “New client puzzle outsourcing techniques for DoS resistance,” 11th ACM conference on Computer and communications security, Washington DC, USA, 2004, pp. 246-256.
[18] C. Swanson and D. Jao, “A study of two-party certificateless authenticated key-agreement protocols,” 10th International Conference on Cryptology in India, New Delhi, India, 2009, vol. 5922, pp. 57-71.
[19] C. C. Wu, W. B. Lee, and W. J. Tsaur, “A secure authentication scheme with anonymity for wireless communications,” IEEE Communications Letters, vol. 12, no. 10, pp. 722-723, 2008.
[20] Q. Xie, B. Hu, X. Tan, and M. Bao, “Robust anonymous two-factor authentication scheme for roaming service in global mobility network,” Wireless Personal Communications, vol.74, pp. 601-614, 2013.
[21] J. Xu and D. Feng, “Security flaws in authentication protocols with anonymity for wireless environments,” Electronics and Telecommunications Research Institute Journal, vol. 31, no. 4, pp. 460-462, 2009.
[22] J. Xu, W. T. Zhu, and D. G. Feng, “An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks,” Computer Communications, vol. 34, no. 3, pp. 319-325, 2011.
[23] E. J. Yoon, K. Y. Yoo, and K. S. Ha, “A user friendly authentication scheme with anonymity for wireless communications,” Electrical and Computer Engineering, vol. 37, No. 3, pp. 356-364, 2011.
[24] J. Zhu and J. Ma, “A new authentication scheme with anonymity for wireless environments,” IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 231-235, 2004.