Page 82 - 2023-Vol19-Issue2
78 | Hamed & Yassin
VCU'i and then computes ECertUi = EncSKU'i(CertUi) and sends (ECertUi, CHUi) to CHSk as a second factor.

• CHSk computes CHU'i = H(CertUi ‖ VCUi) and compares CHUi =? CHU'i. If so, the user is authenticated at the same time. Then, CHSk computes SKUi = SKUi ‖ VCUi and decrypts CertU'i = DecSKU''i(ECertUi). Therefore, our proposed scheme achieves mutual authentication between the two entities (Ui, CHSk).

Proposition 2. Our proposed scheme can support user anonymity.

Proof. If an attacker tries to eavesdrop on the user's login request, he cannot obtain the user's identity from the cryptographic hash function, since the identity is embedded with ri, which is not known to the attacker. Additionally, ri is generated once for each user's login request. In the login and authentication phase, Ui sends (IDA'Ui, EH(Ui), EUi) to CHSk; this message is encrypted by the shared key SKUi, which is known only to Ui and CHSk. Therefore, it is difficult for an attacker to reveal the user's identity, and he cannot recover the shared key, which is generated once for each user's login request. This indicates that our proposed scheme can support user anonymity.

Proposition 3. Our proposed scheme can ensure forward secrecy.

Proof. The session key relies on SKUi, which is used in the login and authentication phase. Our proposed scheme protects the password even when the shared key SKUi is disclosed or leaked. If the shared key SKUi is revealed to the adversary, the authentication of the system is not affected by the attacker's behaviour, and he cannot use this key in the next login phase, since the shared key is generated once based on VCUi. Furthermore, it is extremely difficult for an adversary to derive PWA'Ui and the random number ri, given the one-way property of the cryptographic hash function PWA'Ui = H(H(PWUi) ‖ ri). Additionally, if an adversary can eavesdrop on all transmitted messages (IDA'Ui, EH(Ui), EUi), he will be unable to use these parameters again for logging into the system, as these parameters are generated once for each user's login request. Therefore, our proposed scheme ensures perfect forward secrecy.

Proposition 4. Our proposed scheme can provide unlinkability.

Proof. This feature ensures that a user can attempt several logins to the CHSk to consume resources/services without others being able to connect the logins together to identify the person. In the proposed scheme, each time Ui wants to log into the system, he submits (IDA'Ui, EH(Ui), EUi) to the CHSk. Thus, the primitive components of (IDA'Ui, EH(Ui), EUi) are generated once for each login phase, by using the following points:

• CHSk decrypts IDA'Ui = DecSKUi(EUi) and checks whether IDUi =? IDA'Ui; if the verification is successful, it stores the random number ri'.

• CHSk computes PWA''Ui = H(H(PWUi) ‖ ri') and compares E(H(Ui)) =? g^PWA'Ui · h^ri' mod N. If so, CHSk generates and encrypts the verification code (VCUi), EUi = EncSKUi(VCUi), and generates QRUi, which contains the encrypted verification code (VCUi). Then, CHSk sends QRUi to Ui. Otherwise, it rejects the current phase.

As a result, the primitive parameters of (IDA'Ui, EH(Ui), EUi) are generated once, and CHSk cannot link many logins to the same Ui. Therefore, the proposed scheme can provide unlinkability.

Proposition 5. Our proposed scheme is resistant to replay attacks.

Proof. In a replay attack, an adversary intercepts the login message delivered by a legitimate user to the CHSk and replays it back to the attacker. Then, the adversary reuses this message to impersonate the user when logging into the system in the next session. In our proposed scheme, each new login request should be identical to CHSk's parameters (IDA'Ui, EH(Ui), EUi, ECertUi, CHUi), and he will be unable to use these parameters again for logging into the system, as these parameters are generated once based on ri for each user's login request, and he will be unable to get ri. Therefore, an adversary cannot pass any replayed message to the CHSk verification. Moreover, our approach can resist this attack without synchronized clocks. Therefore, an adversary will fail to apply this type of attack.

Proposition 6. Our proposed scheme can resist MITM attacks.

Proof. An MITM attack intercepts a conversation between the parties to the communication. The conversation appears normal to both parties; however, all the information exchanged passes through the attacker, and he can eavesdrop or modify and re-send it. We assume that the attacker has obtained (IDA'Ui, EH(Ui), EUi) and modified it as (IDA'*Ui, EH(Ui)*, EUi*); the modified parameters do not work, as CHSk verifies the IDA'*Ui that was sent by Ui and finds that the check (IDA'Ui, EH(Ui), EUi) =? (IDA'*Ui, EH(Ui)*, EUi*) fails. Additionally, the message (IDA'Ui, EH(Ui), EUi) is generated once for each login phase. Thus, the proposed scheme does not allow MITM attacks.

Proposition 7. Our proposed scheme is resistant to eavesdropping.

Proof. This is the process of intercepting and examining messages to extract information from them. All parameters exchanged between Ui and CHSk are used only once (IDA'Ui, EH(Ui), EUi, ri, SKUi and VCUi); therefore, if
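The following Python model is an added illustration of the checks used in the proofs above (the two-factor verification at CHSk, the replay argument of Proposition 5 and the tampered tuple of Proposition 6); it is not the paper's own code. Everything the page leaves unspecified is an assumption made here: H is SHA-256; Enc/Dec is a toy XOR-with-keystream cipher standing in for the scheme's symmetric cipher; IDA'Ui is modelled as H(IDUi ‖ ri) and EUi as Enc_SK(IDUi ‖ ri); the key rotation SKUi ‖ VCUi is modelled as H(SKUi ‖ VCUi); the commitment E(H(Ui)) = g^PWA' · h^r mod N uses a constructed 127-bit group; and the server locates a user's record by trial decryption. None of the sizes are meant to be secure. The replay scenario shows the point the proof makes: once the shared key has rotated with VCUi, a captured first message can never verify again, without any clock synchronisation.

```python
"""Toy model of the CHSk login checks (added example; assumptions are marked in comments)."""
import hashlib
import secrets

# Constructed toy group parameters for E(H(Ui)) = g^PWA * h^r mod N (illustrative sizes only).
N = (1 << 127) - 1          # Mersenne prime M127
G, HG = 5, 7                # bases g and h


def H(*parts: bytes) -> bytes:
    """One-way hash of the concatenation a || b || ... (the page's H(.))."""
    return hashlib.sha256(b"\x00".join(parts)).digest()


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for Enc_SK / Dec_SK: XOR with a SHA-256-derived keystream (symmetric)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def commit(pwa: bytes, r: bytes) -> int:
    """E(H(Ui)) = g^PWA * h^r mod N, the value CHSk recomputes from PWA''Ui and ri'."""
    return (pow(G, int.from_bytes(pwa, "big"), N)
            * pow(HG, int.from_bytes(r, "big"), N)) % N


def user_login_request(id_u: bytes, pw: bytes, sk: bytes):
    """First factor: a fresh ri per login makes (IDA'Ui, EH(Ui), EUi) one-time values."""
    r = secrets.token_bytes(16)
    pwa = H(H(pw), r)                     # PWA'Ui = H(H(PWUi) || ri)
    ida = H(id_u, r)                      # IDA'Ui hides IDUi behind ri (assumed form)
    eh = commit(pwa, r)                   # EH(Ui)
    e_u = xor_cipher(sk, id_u + r)        # EUi = Enc_SK(IDUi || ri) (assumed content)
    return ida, eh, e_u


def user_second_factor(cert: bytes, sk: bytes, e_vc: bytes):
    """Second factor: recover VCUi from the QR payload, produce ECertUi and CHUi."""
    vc = xor_cipher(sk, e_vc)             # VCUi = Dec_SK(EUi)
    sk2 = H(sk, vc)                       # SKUi'' derived from VCUi (assumed as a hash)
    return xor_cipher(sk2, cert), H(cert, vc), sk2   # ECertUi, CHUi, next shared key


class ClusterHeadServer:
    """CHSk: holds H(PWUi), the current SKUi and CertUi per user (assumed registration data)."""

    def __init__(self, users: dict):
        self.users = users
        self.pending = {}                 # VCUi issued but not yet confirmed

    def verify_first_factor(self, msg):
        ida, eh, e_u = msg
        # Toy simplification: find the record by trial decryption with each stored key.
        for id_u, rec in self.users.items():
            plain = xor_cipher(rec["sk"], e_u)
            id_p, r_p = plain[:-16], plain[-16:]
            if H(id_p, r_p) != ida:       # IDUi =? IDA'Ui fails (wrong key, replay or tamper)
                continue
            pwa2 = H(rec["hpw"], r_p)     # PWA''Ui = H(H(PWUi) || ri')
            if commit(pwa2, r_p) != eh:   # E(H(Ui)) =? g^PWA'' * h^ri' mod N
                return None
            vc = secrets.token_bytes(16)  # VCUi
            self.pending[id_u] = vc
            return id_u, xor_cipher(rec["sk"], vc)   # EUi = Enc_SK(VCUi), carried in QRUi
        return None

    def verify_second_factor(self, id_u: bytes, ecert: bytes, ch: bytes) -> bool:
        vc = self.pending.pop(id_u)
        rec = self.users[id_u]
        if H(rec["cert"], vc) != ch:      # CHU'i = H(CertUi || VCUi) =? CHUi
            return False
        sk2 = H(rec["sk"], vc)
        if xor_cipher(sk2, ecert) != rec["cert"]:   # CertU'i = Dec_SK''(ECertUi)
            return False
        rec["sk"] = sk2                   # key rotates with VCUi: an old EUi can never verify again
        return True


def run_scenarios() -> dict:
    """Honest login, a tampered first message (MITM) and a replayed one (no clocks needed)."""
    id_u, pw, cert = b"alice", b"correct horse", b"cert-of-alice"   # constructed sample user
    sk = secrets.token_bytes(32)
    srv = ClusterHeadServer({id_u: {"hpw": H(pw), "sk": sk, "cert": cert}})
    msg1 = user_login_request(id_u, pw, sk)
    ida, eh, e_u = msg1
    tamper_rejected = srv.verify_first_factor((ida, eh + 1, e_u)) is None   # EH(Ui)* fails
    uid, e_vc = srv.verify_first_factor(msg1)
    ecert, ch, sk_next = user_second_factor(cert, sk, e_vc)
    honest = srv.verify_second_factor(uid, ecert, ch)
    replay_rejected = srv.verify_first_factor(msg1) is None                 # key already rotated
    next_login = srv.verify_first_factor(user_login_request(id_u, pw, sk_next)) is not None
    return {"honest": honest, "tamper_rejected": tamper_rejected,
            "replay_rejected": replay_rejected, "next_login": next_login}


if __name__ == "__main__":
    print(run_scenarios())
```

The honest run passes both factors, the tuple with a modified EH(Ui) is refused at the commitment check, the replayed first message is refused because the server's SKUi has moved on, and a fresh request under the rotated key is accepted again.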