Page 81 - 2023-Vol19-Issue2

77 | Hamed & Yassin

Fig. 7. Login and authentication phase of the user that cannot be attacked.

tinguishes between the obligations that each component bears. After removing the security components of the proposed system, such as cryptographic hashing and encryption, we can observe the system's apparent vulnerability. As a result, the system becomes unsafe and more vulnerable to attack by malicious entities (see Fig. 8). Figure 9 demonstrates the safety and security of the user's login and authentication phase, which cannot be attacked.

Fig. 8. Login and authentication phase that can be attacked.

Fig. 9. Model checking of the login and authentication phase of patient.

B. Informal Security Analysis

In this section, the proposed scheme is proved using an informal method. The scheme aims to resist well-known attacks such as MITM, replay, and insider attacks. Furthermore, the proposed scheme possesses several merits, including user anonymity, mutual authentication, and session key agreement.

Proposition 1. Our proposed scheme provides mutual authentication.

Proof. This security feature denotes that an attacker should fail to impersonate the system's legitimate components (Wi, Di, ADM, Ei) to CHSK, and vice versa. In this paper, authentication of Ui to CHSK uses the following four steps:

• User (Ui), who possesses the secret factors, can successfully bring the factors (ID'AUi, EHUi, EUi) to CHSk as a first factor.

• CHSk compares IDUi =? ID'AUi; if the verification is successful, it computes ri' = DecSKUi(EUi). Then, it computes PWA''Ui = H(H(PWUi) ? ri') and compares EH(Ui) =? g^(PWA''Ui) h^(ri') mod N. If so, CHSk generates a verification code (VCUi), encrypts it as EUi = EncSKUi(VCUi), and generates the Quick Response code (QRUi) that contains the encrypted verification code (VCUi). Then, CHSk sends (QRUi) to Ui.

• Upon receiving this information, Ui scans (QRUi) using a QR scanner. Subsequently, Ui will get (EUi) and decrypt VCU'i = DecSKUi(EUi). Then, it computes CHUi = H(CertUi ? VCU'i). Next, Ui computes SKUi = SKUi ?