1 Introduction
Protocols | Adopted cryptographic operations | Security weaknesses |
---|---|---|
Chuang et al. [33] | Hash function | User impersonation attacks SKD attacks |
Amin et al. [31] | Hash function Smart card | Offline dictionary attacks User anonymity |
Wu et al. [35] | Hash function Chaotic maps Smart card | SSC attacks TVD attacks |
Zhou et al. [43] | Hash function | TVD attacks Impersonation attacks SKD attacks Replay attacks PFS |
Martinez-Pelaez et al. [45] | Hash function Symmetric encryption/decryption | SKD attacks Replay attacks MA |
Fan et al. [37] | RFID Symmetric encryption/decryption | – |
Kang et al. [47] | Hash function | OPG attacks |
Wu et al. [48] | Hash function Smart card | – |
Rangwani et al. [41] | ECC Hash function | – |
2 Methods and experiments
3 Review and cryptanalysis of Huang et al.’s protocol
3.1 Review Huang et al.’s protocol
Notations | Description |
---|---|
\(CSID_{j}\)
| \(S_j\)’s identity |
\(UID_{i}\)
| \(U_{i}\)’s identity |
\(UPW_{i}\)
| \(U_{i}\)’s password |
\(BIO_{i}\)
| \(U_{i}\)’s biometric |
x
| TCS’s private secret key |
3.1.1 Registration phase
3.2 Login phase
3.3 Authentication and key agreement phase
3.4 Cryptanalysis of Huang et al.’s protocol
3.4.1 Adversary model
3.4.2 Privileged insider attacks
3.4.3 Temporary value conflict of interest (TVD) attacks
4 Proposed protocol
4.1 New registration of \(S_j\)
4.2 New registration of \(U_i\)
4.3 New login and authentication phase
5 Results and discussion
5.1 Formal security analysis
5.1.1 Security model
5.1.2 Security proof
On a query Send\((\Pi _{U_i}^x, start)\), \(\Pi _{U_i}^x\) chooses \(UN_{i}, TS_i, CSID_j\) to compute \(R_i,RID_i, TB_i, UH_i, t_i, UJ_i, UK_i\). Then, the query is returned \(M_1 = \{UH_i,UJ_i,UK_i,RID_i,TS_i\}\). |
On a query Send\((\Pi _{S_j}^y, (UH_i,UJ_i,UK_i,RID_i,TS_i))\), \(\Pi _{S_j}^y\) selects \(CN_{j},TS_j\) to compute \(TSID_j, CL_j, CM_j\). Then, the query is returned \(M_2=\{UH_i,UJ_i,UK_i,CL_j,CM_j,RID_i,RSID_j,TS_j\}\). |
On a query Send\((\Pi _{CS}^z, ((UH_i,UJ_i,UK_i,CL_j,CM_j,RID_i,RSID_j,TS_j))\), \(\Pi _{CS}^z\) computes \(TB_i,UN_{i},CSID_j,UH_i^*\) to check \(UH_i^*\). If true, it continues to calculate \(TSID_j,CN_{j},CM_j^*\), and checks \(CM_j^*\). If true, \(\Pi _{CS}^z\) chooses \(TN_{CS}\) to compute \(TP_{CS},TR_{CS}, SK_{CS}, TQ_{CS}, TV_{CS}\). Then, the query is returned \(M_3 = \{TP_{CS}, TR_{CS}, TQ_{CS},TV_{CS}\}\). |
On a query Send\((\Pi _{S_j}^y, (TP_{CS}, TR_{CS}, TQ_{CS},TV_{CS}))\), \(\Pi _{S_j}^y\) computes \(CW_j, UN_{i}\oplus TN_{CS}\), \(SK_j\), \(TV_{CS}^*\) to check \(TV_{CS}^*\). If the verification does not equal, it will be terminated. Otherwise, the query is returned \(M_4 = \{TP_{CS},TQ_{CS}\}\). |
On a query Send\((\Pi _{U_i}^x, (TP_{CS},TQ_{CS}))\), \(\Pi _{U_i}^x\) verifies \(TQ_{CS}\). If the verifications holds, \(\Pi _{U_i}^x\) returns true. Otherwise, it terminates. |
On a query Execute, we use Send queries to simulate it. |
\((UH_i,UJ_i,UK_i,RID_i,TS_i)\longleftarrow\) Send\((\Pi _{U_i}^x, start)\), |
\((UH_i,UJ_i,UK_i,CL_j,CM_j,RID_i,RSID_j,TS_j) \longleftarrow\) Send\((\Pi _{S_j}^y,(UH_i,UJ_i,UK_i,RID_i,TS_i))\), |
\((TP_{CS},TR_{CS},TQ_{CS},TV_{CS})\longleftarrow\) Send\((\Pi _{CS}^z,(UH_i,UJ_i,UK_i,CL_j,CM_j,RID_i,RSID_j,TS_j))\), |
\((TP_{CS},TQ_{CS})\longleftarrow\) Send\((\Pi _{S_j}^y,TP_{CS},TR_{CS}, TQ_{CS},TV_{CS}))\). This query is returned \((UH_i,UJ_i,UK_i,RID_i,TS_i)\), \((UH_i,UJ_i,UK_i,CL_j,CM_j,RID_i,RSID_j,TS_j)\), \((TP_{CS},TR_{CS},TQ_{CS},TV_{CS})\), and \((TP_{CS},TQ_{CS})\). |
For a Hash(M) query, it returns a random value h. Note that a record (M, h) is required in the query. |
5.2 ProVerif
5.3 Informal security analysis
5.3.1 Privileged insider attacks
5.3.2 TVD attacks
5.3.3 User impersonation attacks
5.3.4 OPG attacks
5.3.5 Replay attacks
5.3.6 Anonymity and untraceability
5.4 Security and performance comparison
5.4.1 Security comparison
Security properties | [43] | [45] | [47] | [48] | [49] | Ours |
---|---|---|---|---|---|---|
Privileged insider attacks | \(\times\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\times\) | \(\checkmark\) |
TVD attacks | \(\times\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\times\) | \(\checkmark\) |
User impersonation attacks | \(\times\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) |
OPG attacks | \(\checkmark\) | \(\checkmark\) | \(\times\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) |
Replay attacks | \(\checkmark\) | \(\times\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) |
PFS | \(\times\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) |
Mutual authentication | \(\times\) | \(\times\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) |
Anonymity | \(\checkmark\) | \(\times\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) |
Untraceability | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) |
MI8 | Lenovo laptop | Lenovo desktop | |
---|---|---|---|
Operating system | Android system | Windows 10 | Windows 10 |
Running memory | 6G | 8G | 16G |
CPU | Qualcomm snapdragon | Intel(R) Core(TM)i7- | Intel(R) Core(TM) i5- |
845 | 6700HQ CPU @ 2.60 GHz | 9500 CPU @ 3.00 GHz | |
Hash function | 0.0041 ms | 0.0034 ms | 0.0023 ms |
Symmetric encryption/decryption | 0.2469 ms | 0.1746 ms | 0.1376 ms |
protocol | \(U_i\) (ms) | \(S_j\) (ms) | TCS (ms) | Tocal (ms) |
---|---|---|---|---|
Zhou et al. [43] | \(10T_H\approx 0.041\) | \(7T_H\approx 0.0238\) | \(19T_H\approx 0.0437\) | 0.1085 |
Martinez-Pelaez et al. [45] | \(3T_E+7T_H\approx 0.7694\) | \(3T_E+6T_h\approx 0.5442\) | \(2T_E+26T_H\approx 0.335\) | 1.6486 |
Kang et al. [47] | \(8T_H\approx 0.0328\) | \(4T_H\approx 0.0136\) | \(11T_H\approx 0.0253\) | 0.0717 |
Wu et al. [48] | \(12T_H \approx 0.0492\) | \(8T_H\approx 0.0272\) | \(19T_H\approx 0.0437\) | 0.1201 |
Huang et al. [49] | \(8T_H\approx 0.0328\) | \(4T_H\approx 0.0136\) | \(10T_H\approx 0.023\) | 0.0694 |
Ours | \(10T_H\approx 0.041\) | \(5T_H\approx 0.017\) | \(12T_H\approx 0.0276\) | 0.0856 |