Multi-factor signcryption scheme for secure authentication using hyper elliptic curve cryptography and bio-hash function

• Autorzy: Rajasekar Vani , Premalatha J. , Sathya K.

Identyfikatory

DOI

10.24425/bpasts.2020.134470

• Języki publikacji: EN

Abstrakty

EN

Among rapid development of wireless communication, technology cryptography plays a major role in securing the personal information of the user. As such, many authentication schemes have been proposed to ensure secrecy of wireless communication but they fail to meet all the required security goals. The proposed signcryption scheme uses multi-factor authentication techniques such as user biometrics, smart card and passwords to provide utmost security of personal information. In general, wireless devices are susceptible to various attacks and resource constraint by their very nature. To overcome these challenges a lightweight cryptographic scheme called signcryption has evolved. Signcryption is a logical combination of encryption and digital signature in a single step. Thereby it provides necessary security features in less computational and communication time. The proposed research work outlines the weaknesses of the already existing Cao et al.’s authentication scheme, which is prone to biometric recognition error, offline password guessing attack, impersonation attack and replay attack. Furthermore, the proposed study provides an enhanced multi-factor authentication scheme using signcryption based on hyper elliptic curve cryptography and bio-hash function. Security of the proposed scheme is analyzed using Burrows-Abadi-Needham logic. This analysis reveals that the proposed scheme is computational and communication-efficient and satisfies all the needed security goals. Finally, an analysis of the study results has revealed that the proposed scheme protects against biometric recognition error, password guessing attack, impersonation attack, DoS attack and dictionary attack.

Słowa kluczowe

EN

signcryption; bio-hash function; hyperelliptic curve; cryptanalysis; authentication

• Wydawca: Polska Akademia Nauk, Wydział IV Nauk Technicznych
• Czasopismo: Bulletin of the Polish Academy of Sciences. Technical Sciences
• Rocznik: 2020
• Tom: Vol. 68, nr 4
• Strony: 923--935
• Opis fizyczny: Bibliogr. 24 poz., rys., tab.

Twórcy

autor

Rajasekar Vani

• Dept of CSE, Kongu Engineering College, Perundurai, Erode, India

autor

Premalatha J.

• Dept of IT, Kongu Engineering College, Perundurai, Erode, India

autor

Sathya K.

• Dept of CT/UG, Kongu Engineering College, Perundurai, Erode, India

Bibliografia

• [1] S.D. Kaul and K.A. Awasthi, “Security enhancement of an improved remote user authentication scheme with key agreement”, Wireless Pers. Commun. 89, 621–637 (2016).
• [2] V. Rajasekar, J. Premalatha, and K. Sathya, “An efficient signcryption scheme for secure authentication using hyper elliptic curve cryptography and Keccak hashing”, Int. J. Recent Technol. Eng. 8 (3), 1593–1598 (2019).
• [3] S.-Q. Cao, Q. Sun, and L.-L. Cao, “Security Analysis and Enhancement of A Remote User Authentication Scheme”, Int. J. Inf. Secur. 21 (4), 661–669 (2019).
• [4] R. Amin, H. Islam, M.K. Khan, A. Karati, D. Giri, and S. Kumari, “A Two-Factor RSA based Robust Authenticaton System for Multi Server Environment”, Secur. Commun. Netw. 2017, 5989151 (2017).
• [5] B. Huang, and M.K. Khan, “An Efficient Remote User Authentication with Key Agreement Scheme using Elliptic Curve Cryptography”, Wireless Pers. Commun. 85, 225–240 (2015).
• [6] B. Zhang, Z. Jia, and C. Zhao, “An efficient Certificateless generalized Signcryption scheme”, Secur. Commun. Netw. 2018, 3578942 (2018).
• [7] W. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using Elliptic curve cryptography”, Int. J. Dist. Network 9 (4), (2013), doi: 10.1155/2013/730831.
• [8] Y. Choi, Y. Lee, J. Moon, and D. Won, “Security enhanced multifactor biometric authentication scheme using bio-hash function”, PLOS ONE 12 (5), e0176250 (2017), doi: 10.1371/journal.pone.0176250.
• [9] Y. Lu, L. Li, H. Peng, and Y. Yang, “An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem”, J. Med. Syst. 39, 32 (2015), doi: 10.1007/s10916-015-0221-7.
• [10] H. Arshad and M. Nikooghadam, “Three-factor anonymous authentication and key agreement scheme for Telecare medicine information systems”, J. Med. Syst. 38 (5), 1–11 (2015), doi: 10.1007/s10916-014-0136-8.
• [11] L. Han, X. Tan, S. Wang, and X. Liang, “An efficient and secure three factor based authenticated key exchange scheme using elliptic curve cryptosystems”, Peer Peer. Netw. Appl. 11, 63–73 (2017).
• [12] K. Siddique, Z. Akhtar, and Y. Kim, “Biometric vs Passwords: a modern version of tortoise and the hare”, Comput. Fraud. Secur. 2017 (1), 13–17 (2017).
• [13] M. Burrows, M. Abadi, and R.M. Needham, “A logic of authentication”, P. Roy. Soc. A-Math. Phy. 8 (1), 233–271, 1989.
• [14] D. He and D. Wang, “Robust biometrics-based authentication scheme for multiserver environment”, IEEE. Syst. J. 9 (3), 816–823 (2015), doi: 10.1109/JSYST.2014.2301517.
• [15] D. Wang , C.G. Ma, and P.Wu, “Secure password-based remote user authentication scheme with nontamper resistant smart cards”, in IFIP Annual Conference on Data and Applications Security and Privacy, Springer Berlin Heidelberg, 2012.
• [16] C.G. Ma, D. Wang, and S.D. Zhao, “Security flaws in two improved remote user authentication schemes using smart cards”, Int. J. Comun. Syst. 27 (10) 2215–2227 (2014). doi: 10.1002/dac.2468.
• [17] D. Otway and O. Rees, “Efficient and timely mutual authentication”, SIGOPS Oper. Syst. Rev. 21 (1), 8–10 (1987), doi: 10.1145/24592.24594.
• [18] M.-S. Hwang, E.F. Cahyadi, C.-Y. Yang, and S.-F. Chiou, “An Improvement of the Remote Authentication Scheme for Anonymous Users Using an Elliptic Curve Cryptosystem”, in 2018 IEEE 4th International Conference on Computer and Communications (ICCC), 2018, pp. 1872–1877, doi: 10.1109/CompComm.2018.8780891.
• [19] Li Xiong, Jianwei Niu, M. Karuppiah, Kumari Saru, and Fan Wu, “Secure and efficient two factor authentication scheme with user anonymity for network based E-health care applications”, J. Med. Syst. 40, 268 (2016), doi: 10.1007/s10916-016-0629-8.
• [20] A.K. Das and A. Gowsami, “A Robust anonymous biometric based remote user authentication scheme using smart cards”, Comput. Inf. Sci. 27 (2), 193–210 (2015).
• [21] S. Kumar, V. Singh, and V. Sharma, “Advance remote user authentication scheme using smart card”, Telcom. Radio. Engg. 78 (11), 957–971 (2019), doi: 10.1615/TelecomRadEng.v78.i11.40.
• [22] A.K. Das, A.K. Sutrala, O.Vanga, and A. Goswami, “A secure smartcard based anonymous user authentication scheme for health care applications using wireless medical sensor networks”, Wireless Pers. Commun. 94, 1899–1933 (2016).
• [23] A. Sharma and S.K. Lenka, “Analysis of QKD multifactor authentication in online banking systems”, Bull. Pol. Ac.: Tech. 63 (2), 545–548 (2015).
• [24] G. Sharma and A.S. Kalr, “A Secure remote user authentication scheme for smart cities e-governance applications”, J. Reliable Intell. Environment 3, 177–188 (2018).

Uwagi

PL

Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2020).