Security Vulnerabilities and Improvements of SPAM: A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks
The main contribution of this paper is to analyze a secure password authentication mechanism (SPAM), proposed by Chuang et al. in 2013 (IEEE Syst J.). SPAM was designed to provide secure handover in Proxy Mobile IPv6 (PMIPv6) networks. In the original paper, Chuang et al. claimed that SPAM provides high security properties and can resist various attacks. However, in this paper we point out that SPAM is vulnerable to critical attacks, such as stolen smart card and off-line dictionary attacks, replay attacks and impersonation attacks. In addition, we show that the identity of MNs and the session key between MN and MAG can be disclosed by an insider attacker; as a result, anonymity and confidentiality between MNs and MAG are completely broken in SPAM. As a remedy, we also propose an improved scheme which not only overcomes the problems of the previous schemes but also reduces the computational cost. Moreover, the proposed scheme provides user anonymity, untraceability and secure session key agreement. Finally, the security of the improved protocol is proved in the random oracle model.