n o e c n e r e f n o C l a n o it a n r e t n I 8 1 0
2 Communicaiton ,NetworkandAritifcia lIntelilgence(CNA I2018) 8
7 9 : N B S
I -1-60595- 50 -5 6
y
r
C
p
t
a
n
a
l
y
s
i
s
a
n
d
I
m
p
r
o
v
e
m
e
n
t
f
o
C
h
a
n
d
r
a
k
a
r
a
n
d
O
m
’
s
R
e
m
o
t
e
U
s
e
r
l
o
c
o
t
o
r
P
n
o
it
a
c
it
n
e
h
t
u
A
r
f
o
t
h
e
M
u
l
it
s
e
r
v
e
r
E
n
v
ri
o
n
m
e
n
t
n
e
i
h
C
-m
i
n
g
C
H
E
N
,
B
i
n
X
I
A
N
G
,
G
u
a
n
g
-
ij
e
W
A
N
G
a
n
d
Y - u
a
n
y HU
A
N
G
y g o l o n h c e T d n a e c n e i c S r e t u p m o C f o l o o h c
S ,HarbinInsttiuteofTechnology
l o o h c S e t a u d a r G n e h z n e h
S ,Shenzhen,518055,China
: s d r o w y e
K Authenitcaiton,Biometric-based ,ECC,Keyagreemen tprotoco,lMulitserver.
.t c a r t s b
A Recenlty ,AminandBiswasproposedabilinea rpairing-basedremoteruserauthentication l
o c o t o r
p for multiserver environment ,claiming i tto be secure under various attacks. However , r
d n a h
C akar and Om found tha tthe protoco lsuffersfrom an idenitty guessing attack ,a password ,
k c a t t a g n i s s e u
g a su re -serveri mpersonationattackandsoforth .Toeraset hes eweaknessesi nAmin s
a w s i B d n
a ’s protocol ,they later proposed a n enhanced ECC-based remoter user authentication .l
o c o t o r
p Unfortunately ,in this paper ,wedemonstratetha tChandrakar and Om’s protoco lis stli l o
t e l b a r e n l u
v auserimpersonationattack andcanno tprovideperfec tforwardsecrecy. Tosolvethe t
s e g g u s e w , s k c a b w a r
d somesimplebu teffectivemodification.
n o it c u d o r t n I
w o
N adays,t heInterne thasbecomeanessenita lpar tofourdailyl ive . ts I providesmassiveservices e
n i l n o , g n i p p o h s e n i l n o s a h c u s s u r o
f banking ,remotemonitoring ,healthcare ,etc .Whileenjoying d e tt i m s n a r t a t a d e h t e c n i s e u s s i r o j a m a s a d e g r e m e s a h y t i r u c e s , y c n e i c i f f e d n a y t i c i l p m i s e h
t via
n
i securechanne lusuallycontainst hesecreti nformationofusers’. Authenticationi sacryptographic .
) r e v r e s a d n a r e s u a , e l p m a x e r o f ( s e i t it n e o w t e t a c i t n e h t u a o t s p l e h t a h t m s i n a h c e
m Toguaranteet he
y t i l i b a i l e
r andsecurity ,manyauthenticationprotocolshadbeenproposedint hepastf ewyears [1- 51 .] ,
y lt n e c e
R AminandBiswasproposedabiilnearpairing-basedremoteruserauthenticationprotoco l t
n e m n o r i v n e r e v r e s it l u m r o
f ][ 1 andclaimedt hati tcouldresis tvariousattacks. However,Chandrakar m
O d n
a pointed ou ttha tthe proposed protoco lis insecure agains tan identity guessing attack ,a ,
k c a t t a g n i s s e u g d r o w s s a
p a user untraceabliity attack ,a user-server impersonation attack ,a new d
n a k c a t t a d r a c t r a m
s aprivileged insider attack [2] .To avoid such attacks ,they proposed a new C
C
E -basedremoteuserauthenticationprotocol .Nevertheless,i nt hispaper ,wefindt ha tChandrakar ’
m O d n
a sprotoco lstil lsuffersfrom a useri mpersonationattackandcanno tprovideperfec tforward .
y c e r c e
s In order to erase the drawbacks we found ,we also sugges tsome simple bu teffecitve n
o i t a c i f i d o
m inthispaper. n
i a m e r e h
T der of the paper is organized as follows. Section 2 briefly reviews the protoco lof s
’ m O d n a r a k a r d n a h
C .Weanalyzet heirprotoco landshowtheirflawsi nsection3.Insection4 ,we e
s o p o r
p some modificaiton and section 5 discuss the security of our improvement. Finally ,we .
6 n o i t c e s n i r e p a p e h t e d u l c n o c
f o w e i v e
R ChandrakarandOm’ sProtocol s
w e i v e r y l f e i r b n o i t c e s s i h
T Chandrakar and Om’sProtocol ,which containssix phases :(1)Setup )
2 ( , e s a h
p Serverregistrationphase ,(3)Userregistrationphase ,(4)Login phase ,(5)Authenitcation .
e s a h p e g n a h c d r o w s s a P ) 6 ( d n a e s a h p
SetupPhase
r e t n e c n o i t a r t s i g e r e h
T RCselectsanelilpticmodulo ,aprimepandabasepoint𝐺∈𝐸𝑝�𝑎,𝑏� .Then,RC
y e k t e r c e s a s t c e l e
s x ,a fuzzy extractor function 𝐺 (𝑒𝑛 ∙)and𝑅 (𝑒𝑝 ∙), and a secure one-way hash n
o i t c n u
f ℎ(∙):�0,1�∗→𝑍
n o it a r t si g e R r e v r e
S Phase
r e v r e s e t o m e r a , e c i v r e s g n i d i v o r p e r o f e
B Sj mus tregisterinRCby thefollowingsteps.Thewhole .l
e n n a h c e r u c e s e h t n o e r a s s e c o r p
. 1 p e t
S Sj selectsani denttiy SIDj andsendsitt oRC.
. 2 p e t
S On receiving themessagefromSj, RCcomputes𝑅𝑆𝑗� ℎ�𝑆𝐼𝐷𝑗∥𝑥�and sendstheresul tto
j
S .
e s a h P n o it a r t si g e R r e s U
r e s u a n e h
W Ui desirestoaccesstheserviceprovidedbytheremoteserver ,hehast oregisterinRC t
s r i
f byt hefollowingsteps. .
1 p e t
S Ui selectshisi denttiy IDi andpassword PWi ,andi mprintsbiometrici mpression Bi att he T
. r o s n e
s hen the secre tkey SPi and public key PPi are extracted wtih𝐺 (𝑒𝑛 𝐵𝑖)� �𝑆𝑃𝑖,𝑃𝑃𝑖� .Next ,Ui s
e t u p m o
c 𝑅𝑃𝑊𝑖� ℎ�𝑃𝑊𝑖∥𝑆𝑃𝑖�andsends {IDi,RPWi} toRC. .
2 p e t
S When receiving registration message, RC computes𝐴𝑖� 𝑥⋅𝐺,𝐶𝑖� 𝐴𝑖�ℎ�𝐼𝐷𝑖 ∥𝑅𝑃𝑊𝑖�⋅𝐺 ,
d n
a 𝐸𝑖 � ℎ�ℎ�𝐼𝐷𝑖 ∥ℎ(𝑅𝑃𝑊𝑖)�mod𝑛0� .Then ,he stores�𝐶𝑖,𝐸𝑖,ℎ(⋅),𝐺 (𝑒𝑛 ⋅),𝑅 (𝑒𝑝 ⋅),𝑝,𝐸𝑝,𝐺,𝑛0� into a smar t
o t ti s d n e s d n a d r a
c Ui.
3 p e t
S .After receiving the card from RC ,Ui stores PPi into ti .Finally ,the card contains
�𝐶𝑖,𝐸𝑖,ℎ(⋅),𝐺 (𝑒𝑛 ⋅),𝑅 (𝑒𝑝 ⋅),𝑝,𝐸𝑝,𝐺,𝑃𝑃𝑖�.
e s a h P n i g o L
r e s u d e r e t s i g e r a n e h
W Ui attempts to access services ,he construc tlogin reques tmessage by the .
s p e t s g n i w o l l o f
. 1 p e t
S Ui inserts his card and inputs his IDi , PWi and Bi . hT en the smar t card obtains
( )
* ,
i i i Rep B PP
P
S = and computes𝑅𝑃𝑊𝑖∗� ℎ(𝑃𝑊𝑖∥𝑆𝑃𝑖∗),𝐸𝑖∗� ℎ�ℎ�𝐼𝐷𝑖∥ℎ(𝑅𝑃𝑊𝑖∗)�mod𝑛0�. After that ,he
r e h t e h w s k c e h
c *
i
i E
E = .If this holds ,the smart card believesUi is the owner and continues to e
t u c e x
e S et 2p . . 2 p e t
S Thesmar tcardthengeneratesarandominteger Nc andcontinuestocompute𝑇𝑖 � 𝑁𝑐⋅𝐺,
𝐴𝑖� 𝐶𝑖�ℎ(𝐼𝐷𝑖 ∥𝑅𝑃𝑊𝑖∗)⋅𝐺� 𝑥⋅𝐺,𝑃𝑖� 𝑁𝑐⋅𝐴𝑖� 𝑁𝑐⋅𝑥⋅𝐺, 𝐷𝐼𝐷𝑖 � 𝐼𝐷𝑖⊕ℎ�𝑃𝑖 ∥𝐴𝑖� and 𝐷𝑖 � ℎ�𝑆𝐼𝐷𝑗∥𝐼𝐷𝑖∥
𝑃𝑖∥𝐴𝑖�.
s d n e s e h , n e h
T
{
Ti,DIDi,SIDj,Di}
toR . Ce s a h P n o it a c it n e h t u A
r e s u e h
T Ui andt her emoteserver Sj authenitcateeachotherandestab ilshasessionkeyw iththehelp f
o RCbyt hefollowingsteps. .
1 p e t
S On receiving login reques tmessagefrom Ui ,RC computes Ai =x⋅G ,Pi =Ti⋅x=Nc⋅x⋅G ,
𝐷
𝐼 𝑖 � 𝐷𝐼𝐷𝑖⊕ℎ�𝑃𝑖∥𝐴𝑖� and𝐷𝑖∗� ℎ�𝑆𝐼𝐷𝑗∥𝐼𝐷𝑖∥𝑃𝑖∥𝐴𝑖� .Then ,he checks i f Di*=Di .If this holds ,he
e h t s t p e c c
a loginreques tandconitnuest oStep2 ;otherwise ,heabortst hesession. .
2 p e t
S RC then generates a random integer Nr and computes 𝑅𝑆𝑗� ℎ�𝑆𝐼𝐷𝑗∥𝑥� , Li =Nr⋅G ,
j r j i
i L RS N RS G
W = ⋅ = ⋅ ⋅ ,𝑇𝐼𝐷𝑖 � 𝐼𝐷𝑖⨁ℎ�𝑅𝑆𝑗∥𝑊𝑖�,𝑌𝑖� 𝑃𝑖� ℎ(𝐼𝐷𝑖∥𝑊𝑖)⋅𝐺and𝐾𝑖� ℎ�𝑃𝑊𝑖∥𝑊𝑖∥𝐼𝐷𝑖 ∥𝑆𝐼𝐷𝑗∥
𝑆
𝑅𝑗�. Finally ,hesends
{
SIDj,Li,Yi,TIDi,Ki}
to Sj.. 3 p e t
S When Sj receives
{
SIDj,Li,Yi,TIDi,Ki}
fromRC ,hecomputesWi =Li⋅RSj =Nr⋅RSj⋅G ,𝐼𝐷𝑖 �𝐷 𝐼
𝑇 𝑖⨁ℎ�𝑅𝑆𝑗∥𝑊𝑖� , 𝑃𝑖� 𝑌𝑖� ℎ(𝐼𝐷𝑖 ∥𝑊𝑖)⋅𝐺 da n 𝐾𝑖∗� ℎ�𝑃𝑊𝑖∥𝑊𝑖∥𝐼𝐷𝑖∥𝑆𝐼𝐷𝑗∥𝑅𝑆𝑗� . Then , he checks
r e h t e h
w *
i i K
K = ornot .Ift hisholds ,SjtrustsonRC ;otherwise ,heabortsthesession. .
4 p e t
S Sj then generates a random integer Ns and computes Hi =Ns⋅G , Xi=Wi+Pi ,
i i i H ID G
. 5 p e t
S When Ui receives
{
Xi,Zi,Qi,SIDj}
from Sj ,he computes Wi=Xi−Pi,Hi =Qi−IDi⋅G and𝑍𝑖∗� ℎ�𝑊𝑖∥𝐼𝐷𝑖∥𝑆𝐼𝐷𝑗∥𝐻𝑖� da n checks whether Zi*=Zi .If this holds ,Ui trusts on Sjand computes
𝐾
𝑆 � ℎ�𝐼𝐷𝑖 ∥𝑆𝐼𝐷𝑗∥𝑃𝑖∥𝑊𝑖 ∥𝐻𝑖�,𝑉𝑖 � ℎ�𝐼𝐷𝑖 ∥𝑆𝐾�andsendsVi to Sj; otherwise ,heabortsthesession.
. 6 p e t
S When Sj receives Vi from Ui ,he computes𝑆𝐾∗� ℎ�𝐼𝐷
𝑖 ∥𝑆𝐼𝐷𝑗∥𝑃𝑖∥𝑊𝑖∥𝐻𝑖�,𝑉𝑖∗� ℎ�𝐼𝐷𝑖∥
𝐾
𝑆 ∗�andcheckswhether *
i
i V
V = .Ift hisholds ,SjbelievesUi hassuccessfullybuitlupt hesessionkey
K S .
Witht heabovesteps,t heuserUi andt heremoteserver SjfinallyestablishSKandcansecurelyuse .
n o it a c i n u m m o c r e h t r u f r o f t i
e s a h P e g n a h C d r o w s s a P
r e s u d e r e t s i g e r a n e h w d e d e e n s i e s a h p s i h
T Ui desirest ochangehispassword .Thewholeprocessi s m
o r f p l e h o n h t i w s p e t s g n i w o l l o f e h t y b d e m r o f r e
p RC.
. 1 p e t
S Ui insertshiscardandexecutesStep1oft hel oginphaset ocheckwhetherheist heowner. p
e t
S 2. Ui inputs a new password PWinew and the smar tcard computes𝑅𝑃𝑊𝑖𝑛𝑒𝑤� ℎ(𝑃𝑊𝑖𝑛𝑒𝑤∥
𝑃
𝑆 𝑖∗),𝐶𝑖𝑛𝑒𝑤� 𝐶𝑖� ℎ(𝐼𝐷𝑖∥𝑅𝑃𝑊𝑖∗)⋅𝐺� ℎ�𝐼𝐷𝑖∥𝑅𝑃𝑊𝑖𝑛𝑒𝑤�⋅𝐺and𝐸𝑖∗� ℎ�ℎ�𝐼𝐷𝑖 ∥ℎ(𝑅𝑃𝑊𝑖∗)�mod𝑛0� .
. 3 p e t
S Thesmar tcarduses
{
new, new}
i i EC toreplace {Ci,Ei} inhismemory.
f o s is y l a n a t p y r
C ChandrakarandOm’ sProtocol t a h t s g n i d n i f r u o e b i r c s e d l l i w e w , n o i t c e s s i h t n
I Chandrakarand Om’sProtocolsuffersfrom user n
a c d n a k c a t t a n o i t a n o s r e p m
i no tprovideperfec tforwardsecrecy. Su ffersf romUserI mpersona itonA ttack
r e k c a t t a n
A Evecanimpersonatean yuserbythefollowingsteps. F orconvenience ,weassumethat e
v
E impersonates a userwhoseidenitty si IDa. .
1 p e t
S Eve registersinRC w iththeregistrationmessage {IDe,RPWe} ,andwil lhaveasmar tcard s
n i a t n o
c �𝐶𝑒,𝐸𝑒,ℎ(⋅),𝐺 (𝑒𝑛 ⋅),𝑅 (𝑒𝑝 ⋅),𝑝,𝐸𝑝,𝐺,𝑛0�,t hushecanobtain𝐴𝑒� 𝑥⋅𝐺� 𝐶𝑒�ℎ(𝐼𝐷𝑒 ∥𝑅𝑃𝑊𝑒)⋅𝐺.
. 2 p e t
S Then ,Evegeneratesarandominteger Nc and computes Ta =Nc⋅G ,Pa=Nc⋅Ae=Nc⋅x⋅G ,
𝐷 𝐼
𝐷 𝑎� 𝐼𝐷𝑎⊕ℎ�𝑃𝑎∥𝐴𝑒� dan 𝐷𝑎� ℎ�𝑆𝐼𝐷𝑗∥𝐼𝐷𝑎∥𝑃𝑎∥𝐴𝑒� .Lastly ,hesends
{
Ta,DIDa,SIDj,Da}
toRC. .3 p e t
S WhenRCreceiveslogin reques tmessagefromEve ,hecomputestheparameters Aa ,Pa , a
D
I and *
a
D . hT en ,he checks the validity of Da.Of course ,i twil lpass the verification. Next ,he s
d n e s d n a s e t a r e n e
g
{
SIDj,La,Ya,TIDa,Ka}
to Sj. .4 p e t
S When Sj receives
{
SIDj,La,Ya,TIDa,Ka}
from RC ,hecomputesand checksthe validity ofa
K .Thesamebefore ,i twil lpasstheverificaiton .Next ,hegeneratesand sends
{
Xa,Za,Qa,SIDj}
to ev E .
. 5 p e t
S When Eve receives
{
Xa,Za,Qa,SIDj}
from Sj ,he computes Wa , Ha first . T nh e Eve se t u p m o
c 𝐾� ℎ�𝐼𝐷𝑎∥𝑆𝐼𝐷𝑗∥𝑃𝑎∥𝑊𝑎∥𝐻𝑎�,𝑉𝑎� ℎ�𝐼𝐷𝑎∥𝑆𝐾� .Aftert hat ,hesendsVa to Sj.
. 6 p e t
S When Sj receivesVa from Eve ,hecomputes𝑆𝐾∗� ℎ�𝐼𝐷
𝑎∥𝑆𝐼𝐷𝑗∥𝑃𝑎∥𝑊𝑎∥𝐻𝑎�,𝑉𝑎∗� ℎ�𝐼𝐷𝑎∥
𝑆𝐾∗�andchecksthevalidityof
a
V .Thiswil lalsopasst heverificaiton .Finally, Sj regardsEveast he t
i t n e d i e s o h w r e s
u yi s IDa da n establishthesessionkeySKwithhim. y
c e r c e S d r a w r o F t c e f r e P e d i v o r P t o n n a C
t c e f r e
P forward secrecy meanstha teven when an attacker knows the secre tkey ofmorethan one s
e i t i t n
e , hestli lcanno tobtainthepreviouske y.In ChandrakarandOm’sprotocol ,whenanattacker e
v
E hasobtainedthetransmittedmessages and Sj’ssecre tkeyx,t heni ti seasyf orhimt ocomputet he
. y e k n o i s s e
. 1 p e t
S EveextractsTi,DIDi,Xi,Qi and SIDj fromt het ransmtitedmessages.
. 2 p e t
S Evecomputes Ai=x⋅G ,Pi=Ti⋅x ,𝐼𝐷𝑖� 𝐷𝐼𝐷𝑖⊕ℎ�𝑃𝑖∥𝐴𝑖� ,Wi=Xi−Pi ,and Hi =Qi−IDi⋅G. .
3 p e t
S Evethencomputest hesessionkey𝑆𝐾� ℎ�𝐼𝐷𝑖 ∥𝑆𝐼𝐷𝑗∥𝑃𝑖∥𝑊𝑖 ∥𝐻𝑖�.
o
P s isbleI mprovement f o s e s s e n k a e w e h t e s a r e o
T ChandrakarandOm’sprotocol ,inthissection ,wesugges tsomesimple t
u
b effectivemodificationinuserregistrationphase,l oginphaseandauthenticationphase. e
s a h p n o it a r t si g e r r e s u n
I ,RCcomputesandstoresonemoreparameteri nsmar tcardt hati sused .
e s a h p n i g o l n
i Theparameteri s𝐹𝑖 � ℎ(𝐼𝐷𝑖 ∥𝑅𝑃𝑊𝑖)⨁ℎ�𝐼𝐷𝑖∥𝑥�.
l n
I ogin phase, ausercomputesℎ�𝐼𝐷𝑖∥𝑥�� ℎ(𝐼𝐷𝑖∥𝑅𝑃𝑊𝑖)⨁𝐹𝑖 and changes thecomputation of Di o
t 𝐷𝑖� ℎ�𝑆𝐼𝐷𝑗∥𝐼𝐷𝑖 ∥𝑃𝑖∥𝐴𝑖 ∥ℎ�𝐼𝐷𝑖 ∥𝑥��.
e s a h p n o it a c it n e h t u a n
I ,RCforwards
{
SIDj,Li,Yi,TIDi,Ki,Ti}
instead of{
SIDj,Li,Yi,TIDi,Ki}
to Sj. ,e r o m r e h t r u
F t hecomputation of session key SK changes. WhenSj computes session key ,he uses
𝑆𝐾∗� ℎ�𝐼𝐷
𝑖 ∥𝑆𝐼𝐷𝑗∥𝑃𝑖∥𝑊𝑖 ∥𝐻𝑖 ∥𝑁𝑠⋅𝑇𝑖� ,whileUi uses𝑆𝐾� ℎ�𝐼𝐷𝑖 ∥𝑆𝐼𝐷𝑗∥𝑃𝑖∥𝑊𝑖 ∥𝐻𝑖 ∥𝑁𝑐⋅𝐻𝑖�.
n o is s u c si D
e w , n o i t c e s s i h t n
I demonstratethat ro u improvementi nChandrakarandOm’sprotocolenhances the y
t i r u c e
s sincet hemodifiedprotoco lcanresis tuseri mpersonationattackandprovideperfec tforward .
y c e r c e
s Furthermore,Table1showsthecomparison ofthesecurityfeaturesbetweeno urmodified s
l o c o t o r p d e t a l e r e h t d n a l o c o t o r
p .
t si s e r l o c o t o r p d e if i d o m e h
T s userimpersona itona ttack. nI themodifiedprotoco,lsupposet ha t k
c a t t a n
a Evehasobtainedprevioust ransmittedmessagesand Ai =x⋅G,t oi mpersonateUi ,hemus t e
v i e c e d o t e g a s s e m d e t a c i r b a f r e h t o n a t c u r t s n o
c RC .However ,withou tt he parameterℎ�𝐼𝐷𝑖 ∥𝑥� ,he
l a g e l a e t a e r c t o n n a
c Di. Therefore,t hemodifiedprotoco lresistsauseri mpersonationattack. e
d i v o r p l o c o t o r p d e if i d o m e h
T s perfectf orward secrecy. Assumetha tEvehasobtained Sj’ s y
e k t e r c e
s x.Tocomputet hesessionkey ,Evemus tcomputes Nc⋅Ns⋅G ,whichi sessentiali nsession y
e
k SK. Nevertheless ,with the parameters Nc⋅G da n Ns⋅G ,he canno tcomputes Nc⋅Ns⋅G since e
i f f i D l a n o i t a t u p m o c e v r u c c it p i l l
e -Hellmanproblem .Therefore,t hesessionkeyi sou tofEve’sreach , t
c e f r e p s e d i v o r p l o c o t o r p d e i f i d o m e h t d n
a forwardsecrecy.
1 e l b a
T .Comparisonoft hesecurityfeaturesamongprotocols.
F
S Protocosl
’ s a w s i B d n a n i m
A s ChandrakarandOm’s Ourmodified 1
A N O YES YES
2
A N O YES YES
3
A N O N O YES
4
A N O YES YES
5
A YES YES YES
6
A YES YES YES
7
A YES N O YES
s n o it a i v e r b b
A : SF :securityfeatures; 1A : provideuseranonymity;
2
A : withstandpasswordguessingattack; A3: withstanduseri mpersonationattack ;
A4:withstandserveri mpersonationattack; A5: withstandsessionkeyt emporary ;
k c a t t
a
6
n o is u l c n o C z y l a n a e w , r e p a p s i h t n
I e a bimotric-based remote user authentication protoco lfor multiserver .t n e m o r i v n
e Althought heauthorsclaimedt heprotocoli ssecureagains tvariousattack ,wesitl lfindi t c e r c e s d r a w r o f t c e f r e p e d i v o r p t o n n a c d n a k c a t t a n o i t a n o s r e p m i r e s u m o r f s r e f f u
s y . To erase the
t s e g g u s r e t a l e w , y t i r u c e s e h t e c a h n e d n a s e s s e n k a e
w somemodificationin theirprotocol .Security . y t i r u c e s f o s m r e t n i r e t t e b s m r o f e p l o c o t o r p d e i f i d o m e h t t a h t s w o h s s i s y l n a t n e m e g d e l w o n k c A e h
T workwassupportedi npar tbyShenzhenTechnica lProjec tunderGran tnumberJCYJ201703071 l a c i n h c e T n e h z n e h S y b t r a p n i d n a 8 8 7 0 5 7 1
5 oPr jec tunderGran tnumberQJSCX20170327161755.
s e c n e r e f e R ] 1
[ AminR. ,BiswasG.P .Designandanalysisofbliinearpairingbasedmutua lauthenticationandkey e m e e r g
a n tprotoco lusable in mulit-server environment [J] .Wireless Persona lCommunications , 9 3 4 : ) 1 ( 4 8 , 5 1 0
2 -462. ]
2
[ Chandrakar P. ,Om H .Cryptanalysis and improvemen tof a biometric - based remote user t n e m n o r i v n e r e v r e s i t l u m a n i e l b a s u l o c o t o r p n o it a c i t n e h t u
a [J] . Transactions on Emerging . ) 2 1 ( 8 2 , 7 1 0 2 , s e i g o l o n h c e T s n o i t a c i n u m m o c e l e T ] 3
[ AminR. ,IslamS.K.H. ,BiswasG.P. ,e tal .Anefficien tandpractica lsmar tcardbasedanonymity y h p a r g o t p y r c e v r u c c i t p i ll e g n i s u S I M T r o f e m e h c s n o it a c i t n e h t u a r e s u g n i v r e s e r
p J[ ] .Journa lof
. 0 8 1 : ) 1 1 ( 9 3 , 5 1 0 2 , s m e t s y s l a c i d e m ] 4
[ AminR. ,IslamS.H. ,BiswasG.P. ,e tal .Cryptanalysisandenhancemen tofanonymitypreserving e r o f e m e h c s t n e m e e r g a y e k n o i s s e s d n a n o it a c i t n e h t u a l a u t u m r e s u e t o m e
r -health caresystems[J] .
e m f o l a n r u o
J dica lsystems ,2015 ,39(11) :140. ]
5
[ HeD. ,ZeadallyS. ,KumarN. ,e tal .Efficien tandanonymousmoblieuserauthenitcationprotoco l f l e s g n i s
u -certifiedpubilckeycryptographyformulti-serverarchitectures[J] .IEEETransactionson a s c i s n e r o F n o i t a m r o f n
I ndSecurity ,2016 ,11(9) :2052-2064. ]
6
[ Wazid M. ,Das A.K. ,Kumar iS. ,e tal .Design of an efficien tand provably secureanonymity e e r h t g n i v r e s e r
p -factoruserauthentication and key agreemen tscheme forTMIS [J] .Security and ( 9 , 6 1 0 2 , s k r o w t e N n o it a c i n u m m o
C 13) :1983-2001. ]
7
[ AminR. ,IslamS.K. ,KhanM.K. ,e tal .ATwo-FactorRSA-BasedRobus tAuthenticationSystem s t n e m n o r i v n E r e v r e s i t l u M r o
f [J] .SecurityandCommunicationNetworks ,2017 ,2017. ]
8
[ Cho iY. ,LeeY. ,MoonJ ,e tal .Securityenhancedmulti-factorbiometricauthenticationscheme o i b g n i s
u -hashfunciton[J] .PloSone ,2017 ,12(5) :e0176250. ]
9
[ Chandrakar P. , Om H . A Secure and Robus t Anonymous Three-Factor Remote User i t l u M r o F e m e h c S n o it a c i t n e h t u
A -ServerEnvironmen tUsing ECC[J] .ComputerCommunications , . 7 1 0 2 K g n a W ] 0 1
[ .H. ,ChenC.M. ,FangW. ,e tal .Ont hesecurityofanewultra-ilghtweigh tauthenitcation s g a t D I F R r o f t n e m n o r i v n e T o I n i l o c o t o r
p [J] .TheJourna lofSupercomputing ,2018 ,74(1) :65- .7 0 C n e h C ] 1 1
[ .M. ,Wang K.H. ,Wu T.Y. ,e tal .On theSecurity of aThree-party Authenticated Key s p a M c it o a h C n o d e s a b l o c o t o r P t n e m e e r g
A [J] .DataScienceandPattern Recognition ,2017,1(2) : 1- .1 0
1
[ 2 ]WangK.H. ,ChenC.M. ,FangW. ,e tal .Asecureauthenitcationschemef orI nterne tofThings[J] . o M d n a e v i s a v r e
1
[ 3 ] Chen C.M. ,Fang W. ,Wang K.H. ,e tal .Comments on “An improved secure and efficien t s
o a h c d n a d r o w s s a
p -basedt wo-partykeyagreemen tprotocol”[J] .NonilnearDynamics ,2017 ,87(3) : 3
7 0
2 -2075. H u h Z ] 4 1
[ . ,Zhang Y .An Efficien tChaotic Maps-Based Deniable Authenticaiton Group Key l
o c o t o r P t n e m e e r g
A [J] .WirelessPersona lCommunications ,2017 ,96(1) :217-229. ]
5 1
[ SunH.M. ,HeB.Z. ,ChenC.M. ,e tal .Aprovableauthenticatedgroupkeyagreemen tprotocolf or t
n e m n o r i v n e e l i b o