Cryptanalysis and Improvement of User Authentication Scheme Based on Rabin Cryptosystem

With the emergence of various methods for user authentication, smartcards have appeared as a convenient method of authentication based on possession factor. Besides, Rabin Cryptosystem has the same security strength is seen in using factoring problems such as RSA. In 2016, Ranjan et al. introduced Rabin Cryptosystem based user authentication scheme. Rabin Cryptosystem calculates only square modulo in encryption, it is more efficient than the RSA. Furthermore, they insisted their scheme provides resistance of replay attack and denial of service attack, and mutual authentication. However, unfortunately, we discover that there are some vulnerabilities in Ranjan et al.’s scheme that might cause serious problems. In this paer, we briefly review a Ranjan et al.’s scheme and reveal the possibility of attacks to consider in the user authentication scheme like offline password guessing, user/server impersonation attacks. Also, their scheme does not support a user anonymity and a session key agreement process. Next, we describe our Rabin Cryptosystem based user authentication improvement; then, we demonstrate our proposed scheme shows more secure compared to Ranjan et al.’s scheme and more suitable to the real environment.

[1]  Hyoung-Kee Choi,et al.  Further Improved Remote User Authentication Scheme , 2011, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[2]  Dongwoo Kang,et al.  Efficient and Secure Biometric-Based User Authenticated Key Agreement Scheme with Anonymity , 2018, Secur. Commun. Networks.

[3]  Jongho Moon,et al.  An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards , 2015, PloS one.

[4]  Pankaj Rohatgi,et al.  Introduction to differential power analysis , 2011, Journal of Cryptographic Engineering.

[5]  Jongho Moon,et al.  Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks , 2017, Sensors.

[6]  Pratik Ranjan,et al.  An Efficient Remote User Password Authentication Scheme based on Rabin’s Cryptosystem , 2016, Wireless Personal Communications.

[7]  Nishant Doshi,et al.  An analytical study of biometric based remote user authentication schemes using smart cards , 2017, Comput. Electr. Eng..

[8]  Tanmoy Maitra,et al.  An Efficient and Robust RSA-Based Remote User Authentication for Telecare Medical Information Systems , 2014, Journal of Medical Systems.

[9]  Yuan-Fu Li,et al.  A Security Enhancement on a Remote User Authentication Scheme Based on the Rabin Cryptosystem with Secure Password Updating , 2012, 2012 26th International Conference on Advanced Information Networking and Applications Workshops.

[10]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[11]  Fuw-Yi Yang,et al.  Password Authentication Scheme Preserving Identity Privacy , 2014, 2014 Sixth International Conference on Measuring Technology and Mechatronics Automation.

[12]  Ruhul Amin,et al.  Remote Access Control Mechanism Using Rabin Public Key Cryptosystem , 2015 .

[13]  Chin-Chen Chang,et al.  A Novel Biometric-Based Remote User Authentication Scheme Using Quadratic Residues , 2013 .

[14]  Cheng-Chi Lee,et al.  A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps , 2013 .

[15]  Chunguang Ma,et al.  Cryptanalysis of a remote user authentication scheme for mobile client-server environment based on ECC , 2013, Inf. Fusion.