# American Institute of Mathematical Sciences

doi: 10.3934/amc.2020103

## Cryptanalysis and enhancement of multi factor remote user authentication scheme based on signcryption

 1 Department of CSE, Kongu Engineering College, Erode, India 2 Department IT and Department of CT-UG, Kongu Engineering College, Erode, India

* Corresponding author: Vani Rajasekar

Received  December 2019 Revised  May 2020 Published  August 2020

The major need of remote user authentication is to verify the authenticity of the user through insecure channel. Till today enormous remote user authentication schemes have been proposed but still some security flaws remains. Some of them are vulnerable to password guessing attack, Id guessing attack, client and server impersonation attack, replay attack, Denial of Service (DoS) attack etc. Besides the security issues many such schemes are supposed to have higher computational and communicational cost. To overcome these challenges a lightweight cryptographic scheme called signcryption has evolved. Signcryption is a logical combination of encryption and digital signature in single step. Thereby it provides necessary security features in less computational cost of 0.97 ms and communication cost of 824 bits. The proposed research work outlines the weakness in Dharminder et al's authentication scheme which is prone to biometric recognition error, offline password guessing attack, impersonation attack and replay attack. Furthermore the proposed study provides a secure multifactor authentication scheme using signcryption based on Hyper Elliptic Curve Cryptography (HECC) and Bio-hash function. The formal security analysis of proposed scheme is done using Burrows-Abadi-Needham logic. The analysis reveals that the proposed scheme is computational and communication efficient and satisfies all the needed security goals. The scheme is also been formally verified using AVISPA tool that confirms that it is resilient to security attacks.

Citation: Vani Rajasekar, Premalatha Jayapaul, Sathya Krishnamoorthi. Cryptanalysis and enhancement of multi factor remote user authentication scheme based on signcryption. Advances in Mathematics of Communications, doi: 10.3934/amc.2020103
##### References:

show all references

##### References:
Registration phase
Computational time analysis on various schemes
Communication cost analysis on various schemes
Simulation result of AVISPA in OFMC backend
Notions and its description
 S.No Parameter used Description 1 $C_i$ Client/User 2 $S_i$ Server/Receiver 3 $Bi$ Biometric template of Client 4 $Id_i$ Client's Identity 5 $Pw_i$ Client's password 6 $H_{Bi}(.)$ Bio hash function 7 $h(.)$ General Keccak hash function 8 $r_c$ Random number generated by Client 9 $r_s$ random number generated by Server 10 $K_C$ Secret key generated by Client 11 $K_S$ Secret key generated by Server 12 $N_i$ Counter number 13 $t_i$ Time stamp value of ith tuple 14 $\oplus$ Bitwise XOR operation 15 $||$ Concatenation operator 16 $(C,r,S)$ Signcrypted tuple 17 $bk$ Session key used by Client and Server
 S.No Parameter used Description 1 $C_i$ Client/User 2 $S_i$ Server/Receiver 3 $Bi$ Biometric template of Client 4 $Id_i$ Client's Identity 5 $Pw_i$ Client's password 6 $H_{Bi}(.)$ Bio hash function 7 $h(.)$ General Keccak hash function 8 $r_c$ Random number generated by Client 9 $r_s$ random number generated by Server 10 $K_C$ Secret key generated by Client 11 $K_S$ Secret key generated by Server 12 $N_i$ Counter number 13 $t_i$ Time stamp value of ith tuple 14 $\oplus$ Bitwise XOR operation 15 $||$ Concatenation operator 16 $(C,r,S)$ Signcrypted tuple 17 $bk$ Session key used by Client and Server
Cryptanalysis on various authentication schemes
 Remote user authentication schemes A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 Dharminder et al [11] No No Yes No No No No No Yes Yes Chaturadevi et al [6] Yes No Yes No No No No No No Yes Nikooghadam et al [17] Yes No Yes No Yes No Yes Yes Yes Yes Chandrakar et al [5] No Yes No No No No No No No Yes Sutrala et al [25] Yes No Yes No Yes Yes Yes Yes Yes Yes Dharminder et al [10] Yes No Yes No Yes Yes Yes Yes Yes Yes Li et al [15] Yes No Yes No No No Yes Yes Yes Yes Das et al [8] Yes No Yes No No No Yes Yes Yes Yes Sharma et al [23] No No Yes Yes Yes Yes Yes Yes Yes Yes Proposed Scheme No No No No No No No No No No A1: Server masquerading attack A2: Replay attack A3: Biometric recognition error A4:Mutual Authentication A5: Client Impersonation attack A6: Offline password guessing attack A7: Slow wrong password detection A8: Prone to DoS attack A9: Id Guessing attack A10: Lack of session key agreement
 Remote user authentication schemes A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 Dharminder et al [11] No No Yes No No No No No Yes Yes Chaturadevi et al [6] Yes No Yes No No No No No No Yes Nikooghadam et al [17] Yes No Yes No Yes No Yes Yes Yes Yes Chandrakar et al [5] No Yes No No No No No No No Yes Sutrala et al [25] Yes No Yes No Yes Yes Yes Yes Yes Yes Dharminder et al [10] Yes No Yes No Yes Yes Yes Yes Yes Yes Li et al [15] Yes No Yes No No No Yes Yes Yes Yes Das et al [8] Yes No Yes No No No Yes Yes Yes Yes Sharma et al [23] No No Yes Yes Yes Yes Yes Yes Yes Yes Proposed Scheme No No No No No No No No No No A1: Server masquerading attack A2: Replay attack A3: Biometric recognition error A4:Mutual Authentication A5: Client Impersonation attack A6: Offline password guessing attack A7: Slow wrong password detection A8: Prone to DoS attack A9: Id Guessing attack A10: Lack of session key agreement
Cryptanalysis on various authentication schemes
 Remote user authentication schemes Registration phase Password change phase Login and Authentication phase Dharminder et al [11] $2T_{su}+1T_h$ $2T_{bk}+1T_h$ $3T_{su}+2T_h+1T_{bk}$ Chaturadevi et al [6] $3T_h$ $2T_{bk}+2T_h$ $6T_{su}+2T_h+3T_{bk}$ Nikooghadam et al [17] $3T_h$ $2T_{bk}+3T_h$ $5T_{su}+3T_h+2T_{bk}$ Chandrakar et al [5] $5T_h$ $2T_{bk}+6T_h$ $5T_{su}+6T_h+2T_{bk}$ Sutrala et al [25] $5T_h + 2T_{su}$ $3T_{bk}+4T_h$ $6T_{su}+4T_h+1T_{bk}$ Dharminder et al [10] $2T_h+1T_{su}$ $1T_{bk}+4T_h$ $6T_{su}+4T_h+1T_{bk}$ Li et al [15] $5T_h$ $2T_{bk}+3T_h$ $4T_{su}+2T_h+1T_{bk}$ Das et al [8] $1T_h+2T_{su}$ $2T_{bk}+2T_h$ $3T_{su}+2T_h+1T_{bk}$ Sharma et al [23] $3T_h$ $2T_{bk}+2T_h$ $6T_{su}+2T_h+3T_{bk}$ Proposed Scheme $1T_h+1T_{su}$ $1T_h$ $1T_{su}+1T_h+1T_{bk}$
 Remote user authentication schemes Registration phase Password change phase Login and Authentication phase Dharminder et al [11] $2T_{su}+1T_h$ $2T_{bk}+1T_h$ $3T_{su}+2T_h+1T_{bk}$ Chaturadevi et al [6] $3T_h$ $2T_{bk}+2T_h$ $6T_{su}+2T_h+3T_{bk}$ Nikooghadam et al [17] $3T_h$ $2T_{bk}+3T_h$ $5T_{su}+3T_h+2T_{bk}$ Chandrakar et al [5] $5T_h$ $2T_{bk}+6T_h$ $5T_{su}+6T_h+2T_{bk}$ Sutrala et al [25] $5T_h + 2T_{su}$ $3T_{bk}+4T_h$ $6T_{su}+4T_h+1T_{bk}$ Dharminder et al [10] $2T_h+1T_{su}$ $1T_{bk}+4T_h$ $6T_{su}+4T_h+1T_{bk}$ Li et al [15] $5T_h$ $2T_{bk}+3T_h$ $4T_{su}+2T_h+1T_{bk}$ Das et al [8] $1T_h+2T_{su}$ $2T_{bk}+2T_h$ $3T_{su}+2T_h+1T_{bk}$ Sharma et al [23] $3T_h$ $2T_{bk}+2T_h$ $6T_{su}+2T_h+3T_{bk}$ Proposed Scheme $1T_h+1T_{su}$ $1T_h$ $1T_{su}+1T_h+1T_{bk}$