# Elliptic Curve Signcryption-Based Mutual Authentication Protocol for Smart Cards


## Abstract


## 1. Introduction

#### 1.1. Security Requirements for Smart Cards

- Confidentiality—This property ensures that the information or data transmitted to and received from the smart card are in an incomprehensible form, so that an unauthorized party cannot understand them.
- Authentication—The smart card must authenticate the other party before sending any message or information to it.
- Non-repudiation—The smart card and the other legitimate party cannot repudiate a transmitted message after sending or receiving it.
- Integrity—The data sent or received by the smart card must not be altered in transit.
- Availability—The smart card must be capable of producing the required data as and when needed by the user.
- Forward Security—This attribute ensures that an adversary is not able to obtain past messages, even if they are in possession of a secret session key for the long term.

#### 1.2. Security Challenges of Smart Cards

- Low Computational Capability—Smart cards have a low computational capacity: a 1–5 MHz clock rate, less than 1 MB of flash memory, and a few hundred KB of RAM [5]. Owing to these restricted computational resources, it is challenging to develop computationally efficient security solutions that satisfy the required security attributes as well as security functions.
- Less Power—Certain smart cards operate on a limited power supply. The security operations must be carefully selected in a way that avoids heavy computational operations and tasks.
- Unreliable Communication—The messages and data sent and received by smart cards pass through an unreliable wireless medium and are therefore more susceptible to different attacks. Strong security countermeasures must be implemented to defeat these attacks.

#### 1.3. Communication Scenario

#### 1.4. Organization of Paper

## 2. Literature Review

## 3. Preliminaries

#### 3.1. Operations on Elliptic Curve

- Identity—For each point $Q \in E(F_q)$ on the elliptic curve $E$, $Q + O = O + Q = Q$.
- Negative—Assuming a point $Q = (x, y) \in E(F_q)$, the negative of point $Q$ is represented by $-Q = (x, -y)$. The property is $Q + (-Q) = O$. Moreover, $-O = O$.
- Elliptic Curve Point Addition—Assuming the two points $Q = (x_1, y_1)$ and $R = (x_2, y_2)$ on $E(F_q)$ with $Q \ne \pm R$. The elliptic curve point addition of $Q$ and $R$ is expressed by a third point $Q + R = (x, y) \in E(F_q)$. The coordinates $x$ and $y$ are given by:$$x = \rho^2 - x_1 - x_2 \quad \mathrm{and} \quad y = \rho(x_1 - x) - y_1$$$$\rho = \frac{y_2 - y_1}{x_2 - x_1}, \ \mathrm{if}\ Q \ne R \quad \mathrm{and} \quad \rho = \frac{3x_1^2 + A}{2y_1}, \ \mathrm{if}\ Q = R$$
- Elliptic Curve Point Multiplication—Consider a point $Q \in E(F_q)$; the elliptic curve point multiplication is expressed as $kQ = Q + Q + \dots + Q$ ($k$ times).
- XOR Operation—The XOR operation between two points on the elliptic curve is computed by performing the XOR operation between the corresponding $x$ and $y$ coordinates of both points.

#### 3.2. Computational Problems on Elliptic Curve

- Elliptic Curve Discrete Logarithmic Problem—For two given points on the elliptic curve, $Q' \in E(F_q)$ and $R' \in E(F_q)$, it is computationally infeasible to find an integer $k$ such that $Q' = kR'$ [56].
- Elliptic Curve Diffie-Hellman Problem—For a given point $Q' \in E(F_q)$ and two more points, $R' = aQ'$ and $S' = bQ'$, on the same elliptic curve $E(F_q)$, it is computationally hard to determine a point $P' = abQ'$ [57].
- Elliptic Curve Decision Diffie-Hellman Problem—For a given point $Q' \in E(F_q)$ and three more points, $R' = aQ'$, $S' = bQ'$, and $T' = cQ'$, on the same elliptic curve $E(F_q)$, it is computationally infeasible to conclude whether $T' = abQ'$ [58].

#### 3.3. Elliptic Curve Signcryption

#### 3.3.1. Initialization Phase

- Alice, the sender, and Bob, the receiver, agree on the elliptic curve $E$, which is defined over the finite field $GF(q^n)$ with $q \ge 2^{160}$ and $n = 1$, or $q = 2$ and $n \ge 160$.
- A big prime $p$ with order $q^{m-1}$ is selected.
- A point $G$ of order $p$ on the elliptic curve $E$ is randomly chosen, which becomes the base point of the elliptic curve.
- Keyed hash function $KH$ is chosen.
- Hash function $H$ is selected.
- Encryption algorithm $ENC$ and decryption algorithm $DEC$ are agreed upon.
- Alice randomly selects a private number $v_x$ in the range $[1 \dots p-1]$, which is her private key.
- Alice generates her own public key $P_x$ by computing:$$P_x = v_x G$$
- Bob randomly selects a private number $v_y$ in the range $[1 \dots p-1]$, which is his private key.
- Bob generates his own public key $P_y$ by computing:$$P_y = v_y G$$

#### 3.3.2. Signcryption Phase

- Generate the key $K$ as:$$K = H(dP_y)$$
- Divide the key $K$ into two equal-size subkeys $k$ and $k'$.
- Encrypt the message $M$ using subkey $k$ as:$$c = E_k(M)$$
- Compute $t$ using subkey $k'$ as $t = KH_{k'}(M, \mathrm{Blind\_Info})$
- Compute $s$ as:$$s = \frac{d}{t + v_x} \bmod q$$
- Then, Alice creates the signcrypted message $\left\{c,t,s\right\}$ and sends it to Bob.

#### 3.3.3. Un-Signcryption Phase

- Compute $w = s v_y \bmod q$
- If Scheme 1 is used then it regenerates the key $K$ as:$$K = H(wP_x + wtG)$$
- If Scheme 2 is used then it regenerates the key $K$ as:$$K = H(wG + wtP_x)$$
- Decrypt the ciphertext as:$$M = D_k(c)$$
- Accept the message $M$ if:$$KH_{k'}(M, \mathrm{Blind\_Info}) = t$$
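The signcryption and un-signcryption steps of Sections 3.3.2 and 3.3.3 (Scheme 1), as an added Python example that is not code from the paper. Assumptions of the example: the curve is secp256k1, $H$ is SHA-256, $KH$ is HMAC-SHA256, a SHA-256 keystream XOR stands in for $ENC$/$DEC$, $d$ is drawn at random from $[1, N-1]$, `blind_info` is a byte string naming both public keys, and scalars are reduced modulo the order `N` of $G$ (the page writes this modulus as $q$).

```python
import hashlib, hmac, secrets

# Assumed curve (not named on the page): secp256k1, y^2 = x^3 + 7 over F_q.
Q_MOD = 2**256 - 2**32 - 977
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # point at infinity

def on_curve(pt):
    if pt is O:
        return False
    x, y = pt
    return 0 <= x < Q_MOD and 0 <= y < Q_MOD and (y*y - x*x*x - A*x - B) % Q_MOD == 0

def add(Q, R):
    # Point addition from Section 3.1, including the Q = R and Q = -R cases.
    if Q is O: return R
    if R is O: return Q
    (x1, y1), (x2, y2) = Q, R
    if x1 == x2 and (y1 + y2) % Q_MOD == 0:
        return O
    if Q == R:
        rho = (3*x1*x1 + A) * pow(2*y1 % Q_MOD, -1, Q_MOD) % Q_MOD
    else:
        rho = (y2 - y1) * pow((x2 - x1) % Q_MOD, -1, Q_MOD) % Q_MOD
    x = (rho*rho - x1 - x2) % Q_MOD
    return (x, (rho*(x1 - x) - y1) % Q_MOD)

def mul(k, Q):
    # Double-and-add; NOT constant time, so unsuitable for a real card.
    R = O
    while k:
        if k & 1:
            R = add(R, Q)
        Q = add(Q, Q)
        k >>= 1
    return R

def keygen():
    v = secrets.randbelow(N - 1) + 1          # private key in [1, N-1]
    return v, mul(v, G)                       # (v, P = vG)

def _subkeys(point):
    K = hashlib.sha256(point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")).digest()
    return K[:16], K[16:]                     # k (encryption), k' (keyed hash)

def _stream_xor(k, data):
    # Stand-in for ENC/DEC: XOR with a SHA-256 counter keystream (illustration only).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(k + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(k2, M, blind_info):
    return hmac.new(k2, len(M).to_bytes(8, "big") + M + blind_info, hashlib.sha256).digest()

def signcrypt(M, v_x, P_y, blind_info):
    if not on_curve(P_y):
        raise ValueError("recipient public key is not on the curve")
    while True:
        d = secrets.randbelow(N - 1) + 1
        k, k2 = _subkeys(mul(d, P_y))         # K = H(d P_y)
        t = _tag(k2, M, blind_info)           # t = KH_k'(M, Blind_Info)
        denom = (int.from_bytes(t, "big") + v_x) % N
        if denom:                             # retry if t + v_x is not invertible
            s = d * pow(denom, -1, N) % N     # s = d / (t + v_x)
            return _stream_xor(k, M), t, s    # {c, t, s}

def unsigncrypt(c, t, s, P_x, v_y, blind_info):
    if len(t) != 32 or not 0 < s < N or not on_curve(P_x):
        raise ValueError("malformed signcrypted message or sender key")
    w = s * v_y % N                           # w = s v_y
    wt = w * int.from_bytes(t, "big") % N
    point = add(mul(w, P_x), mul(wt, G))      # w P_x + w t G  (= d P_y)
    if point is O:
        raise ValueError("degenerate key point")
    k, k2 = _subkeys(point)
    M = _stream_xor(k, c)
    if not hmac.compare_digest(_tag(k2, M, blind_info), t):
        raise ValueError("signcrypted message rejected")
    return M

if __name__ == "__main__":
    v_x, P_x = keygen()                       # Alice
    v_y, P_y = keygen()                       # Bob
    info = b"constructed-bind-info|alice|bob" # constructed sample value
    c, t, s = signcrypt(b"constructed sample message", v_x, P_y, info)
    print(unsigncrypt(c, t, s, P_x, v_y, info))
```

The recipient recovers the same key because $wP_x + wtG = s v_y (v_x + t) G = d v_y G = dP_y$; any change to $c$, $t$, $s$ or `blind_info` changes the recomputed keyed hash and the message is rejected.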

## 4. Proposed Elliptic Curve Signcryption Based Security Protocol for Smart Card (ECSSP-SC)

#### 4.1. Setup Phase

- $RGC$ chooses an elliptic curve $E$ defined on the finite field $F_q$ having parameters $\{q, A, B, G, n\}$. For parameters $A, B$, the condition $4A^3 + 27B^2 \ne 0$ is satisfied.
- $RGC$ also chooses a hash function $Hash: \{0,1\}^* \to \{0,1\}^l$.
- The registration center $RGC$ publishes the global system parameters $\{q, A, B, G, n, Hash\}$.

#### 4.2. Registration Phase

#### 4.2.1. Registration of the SVR with RGC

- The server $SVR$ selects its identity $I_S$. It is assumed that the identity $I_S$ of the server is kept secret from all the parties except $RGC$.
- $SVR$ creates its public key as $P_S = I_S G$ and communicates the message $\{I_S\}$ to the $RGC$.
- After reception of the message $\{I_S\}$, the $RGC$ chooses a key $K_{RGC}$ and computes:$$v_R = Hash(K_{RGC})$$

- $RGC$ sends the message $\left\{{K}_{RS}\right\}$ to the $SVR$.
- $SVR$ saves the key ${K}_{RS}$ confidentially.

#### 4.2.2. Registration of the USR with RGC

- The user $USR$ chooses its identity as $I_U$ and sets the password as $PWD$. The $USR$ computes:$$S_U = I_U G$$
- $USR$ randomly selects $x \in Z_n$ and computes its public key as:$$P_U = xG$$

- On getting the message $\{I_U, R_U\}$, the $RGC$ generates the key:$$K_{RS}' = (v_R \oplus I_R)$$$$A_{RU} = (K_{RS}' \oplus R_U)$$

- On getting the smart card, the $USR$ saves $x$ on the smart card.

#### 4.3. Signcryption Based Mutual Authentication Phase in ECSSP-SC

- The $USR$, having the private/public key pair $\{x, P_U\}$, first randomly chooses an integer $v$ and inserts the smart card into the card reader/device to start the authentication process. After entering its identity $I_U$ and the password $PWD$, the user $USR$ does the following computations:

- Upon receiving the message $\{c, T, w, T_U\}$ from the $USR$, the $SVR$ performs the calculations given below:

- On receipt of the message $\{A_S, T_S\}$ from the $SVR$, the $USR$ does the following:

#### 4.4. Password Update Phase

- The $USR$ selects a service provider for changing their password.
- The $USR$ and the service provider are first authenticated mutually. After successful authentication, the $USR$ updates their password as $PW{D}^{New}$.
- The $USR$ makes the smart card compute:$${A}_{RU}{}^{New}=\left({A}_{RU}\oplus PWD\oplus PW{D}^{New}\right)$$
- The smart card replaces ${A}_{RU}$ with ${A}_{RU}{}^{New}$ in its storage.

## 5. Proof of Correctness

- The key $K$ generated by the $USR$ is given by:$$\begin{array}{l}K = (V \oplus A_{RU} \oplus R_U) = vP_S \oplus A_{RU} \oplus R_U\\ = (vI_S G \oplus K_{RS}' \oplus R_U \oplus R_U)\\ = (vI_S G \oplus K_{RS}') = (vI_S G \oplus v_R \oplus I_R)\end{array}$$
- The key $K'$ generated by the $SVR$ is given by:$$\begin{array}{l}K' = (I_S wT \oplus K_{RS} \oplus I_S) = (I_S \frac{v}{r} rG \oplus v_R \oplus I_S \oplus I_R \oplus I_S)\\ = (vI_S G \oplus v_R \oplus I_R)\\ = K, \text{ which is the key generated by } USR\end{array}$$

## 6. Analysis of Security Functionalities of ECSSP-SC

#### 6.1. Analysis of Security Attributes of ECSSP-SC

**Assumption 1.**

**Assumption 2.**

**Assumption 3.**

**Assumption 4.**

**Assumption 5.**

#### 6.1.1. Confidentiality

#### 6.1.2. Mutual Authentication

- Authentication of the $USR$ by the $SVR$—When the $SVR$ gets the signcrypted message $\{c, T, w, T_U\}$ from the $USR$, it first verifies the timestamp and regenerates the key $K'$ by using $I_S$ and $K_{RS}$. Then, it computes $r'$ and $T'$, and if $T' = T$, the $USR$ is authenticated. The value of $T$ generated by the $USR$ depends on $r$ and $G$, since $T = rG$. The value of $r$ depends on the ciphertext $c$ and the key $K$. The key $K$ generated by the $USR$ is a function of the secret $v$ and the password $PWD$. If an attacker $A$ tries to pretend to be a genuine user, then they must produce the correct value of $T$. However, as per Assumption 1, the secret $v$ and password $PWD$ cannot be obtained by attacker $A$. Thus, the signature of the user $USR$ is unforgeable.
- Authentication of the $SVR$ by the $USR$—On receiving the message $\{A_S, T_S\}$ from the $SVR$, the $USR$ computes $A_S' = E_K(V)$, and if $A_S' = A_S$, it authenticates the $SVR$. Since $A_S = E_{K'}(I_S wT)$, i.e., the encryption of the secret $I_S wT$, is available only with the $SVR$, and due to the strength of the encryption algorithm mentioned in Assumption 3, an attacker $A$ cannot reveal any secret from $A_S$ and cannot forge it.

#### 6.1.3. Integrity

#### 6.1.4. Forward Security

#### 6.1.5. Availability

#### 6.1.6. Anonymity

#### 6.1.7. Non-Repudiation

#### 6.2. Analysis of Resistance Capability of ECSSP-SC against Attacks

- $Q1: Execute(USR, SVR, j)$: This query is intended to model passive attacks where an attacker $A$ captures the truthful execution of session $j$ between the $USR$ and $SVR$.
- $Q2: Send(X, Y, j, MSG)$: This query is intended to model active attacks where an attacker $A$ mimics the behavior of the party $X \in USR$ in the $j^{th}$ session of the protocol, and transmits the message $MSG$ to some $Y \in SVR$.
- $Q3: Corrupt(USR, K)$: This query permits an attacker $A$ to acquire the secret key $K$ stored with the $USR$.

#### 6.2.1. Resistance to Replay Attacks

#### 6.2.2. Resistance to User Impersonation

#### 6.2.3. Resistance to Server Impersonation

#### 6.2.4. Resistance to Insider Attacks

#### 6.2.5. Resistance to Offline Password Guessing Attacks

#### 6.2.6. Resistance to Known Key Attacks

#### 6.2.7. Resistance to De-Synchronization Attacks

#### 6.2.8. Resistance to MITM (Man-in-the-Middle) Attacks

## 7. Performance Analysis of the Proposed ECSSP-SC

#### 7.1. Analysis of Computational Cost

#### 7.2. Analysis of Communication Cost

#### 7.3. Comparison of Security Attributes

#### 7.4. Comparison of Resistance Capability against Attacks

## 8. Discussion

## 9. Conclusions

## Author Contributions

## Funding

## Conflicts of Interest

## References

1. Mohammed, L.A.; Ramli, A.R.; Prakash, V.; Daud, M.B. Smart card technology: Past, present, and future. Int. J. Comput. Internet Manag. **2004**, 12, 12–22.
2. Fernandes, N.A. Reliable Electronic Certification on Mobile Devices. Master’s Thesis, University of Lisbon, Lisbon, Portugal, 2015.
3. Ko, H.; Caytiles, R.D. A Review of Smartcard Security Issues. J. Secur. Eng. **2011**, 8, 359–370.
4. Pippal, R.S.; Jaidhar, C.D.; Tapaswi, S. Security issues in smart card authentication scheme. Int. J. Comput. Theory Eng. **2012**, 4, 206–211.
5. Singh, A.K.; Patro, B.D.K. Security of Low Computing Power Devices: A Survey of Requirements, Challenges & Possible Solutions. Cybern. Inf. Technol. **2019**, 19, 133–164.
6. Mahanta, H.J.; Azad, A.K.; Khan, A.K. Power analysis attack: A vulnerability to smart card security. In Proceedings of the 2015 International Conference on Signal Processing and Communication Engineering Systems, Guntur, India, 2–3 January 2015; pp. 506–510.
7. Zhao, Y.; Li, S.; Jiang, L. Secure and efficient user authentication scheme based on password and smart card for multiserver environment. Secur. Commun. Netw. **2018**, 2018.
8. Chang, C.C.; Wu, T.C. Remote password authentication with smart cards. IEE Proc. E (Comput. Digit. Tech.) **1991**, 138, 165–168.
9. Das, M.L.; Saxena, A.; Gulati, V.P. A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. **2004**, 50, 629–631.
10. Liao, I.E.; Lee, C.C.; Hwang, M.S. Security enhancement for a dynamic ID-based remote user authentication scheme. In Proceedings of the International Conference on Next Generation Web Services Practices (NWeSP’05), Seoul, Korea, 22–26 August 2005; Volume 4.
11. Yeh, K.H.; Su, C.; Lo, N.W.; Li, Y.; Hung, Y.X. Two robust remote user authentication protocols using smart cards. J. Syst. Softw. **2010**, 83, 2556–2565.
12. Khan, M.K.; Kim, S.K.; Alghathbar, K. Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme. Comput. Commun. **2011**, 34, 305–309.
13. Liao, Y.P.; Wang, S.S. A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces **2009**, 31, 24–29.
14. Hsiang, H.C.; Shih, W.K. Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces **2009**, 31, 1118–1123.
15. Sood, S.K.; Sarje, A.K.; Singh, K. A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. **2011**, 34, 609–618.
16. Pippal, R.S.; Jaidhar, C.D.; Tapaswi, S. Robust smart card authentication scheme for multi-server architecture. Wirel. Pers. Commun. **2013**, 72, 729–745.
17. Yeh, K.H. A provably secure multi-server based authentication scheme. Wirel. Pers. Commun. **2014**, 79, 1621–1634.
18. Zhang, L.; Tang, S.; Cai, Z. Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int. J. Commun. Syst. **2014**, 27, 2691–2702.
19. Farash, M.S.; Attari, M.A. An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. Int. J. Commun. Syst. **2016**, 29, 1956–1967.
20. Odelu, V.; Das, A.K.; Goswami, A. An effective and robust secure remote user authenticated key agreement scheme using smart cards in wireless communication systems. Wirel. Pers. Commun. **2015**, 84, 2571–2598.
21. Islam, S.H. Design and analysis of an improved smartcard-based remote user password authentication scheme. Int. J. Commun. Syst. **2016**, 29, 1708–1719.
22. Wang, D.; Wang, N.; Wang, P.; Qing, S. Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. **2015**, 321, 162–178.
23. Challa, S.; Das, A.K.; Kumari, S.; Odelu, V.; Wu, F.; Li, X. Provably secure three-factor authentication and key agreement scheme for session initiation protocol. Secur. Commun. Netw. **2016**, 9, 5412–5431.
24. Dhillon, P.K.; Kalra, S. Secure and efficient ECC based SIP authentication scheme for VoIP communications in internet of things. Multimed. Tools Appl. **2019**, 78, 22199–22222.
25. Reddy, A.G.; Das, A.K.; Yoon, E.J.; Yoo, K.Y. A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access **2016**, 4, 4394–4407.
26. Wu, H.L.; Chang, C.C.; Chen, L.S. On the Security of a Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography. In Proceedings of the 6th International Conference on Information Technology: IoT and Smart City, Hong Kong, 29–31 December 2018; pp. 88–91.
27. Chaudhry, S.A.; Naqvi, H.; Mahmood, K.; Ahmad, H.F.; Khan, M.K. An improved remote user authentication scheme using elliptic curve cryptography. Wirel. Pers. Commun. **2017**, 96, 5355–5373.
28. Huang, B.; Khan, M.K.; Wu, L.; Muhaya, F.T.B.; He, D. An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wirel. Pers. Commun. **2015**, 85, 225–240.
29. Truong, T.T.; Tran, M.T.; Duong, A.D.; Echizen, I. Provable identity based user authentication scheme on ECC in multi-server environment. Wirel. Pers. Commun. **2017**, 95, 2785–2801.
30. Chandrakar, P.; Om, H. An efficient two-factor remote user authentication and session key agreement scheme using rabin cryptosystem. Arab. J. Sci. Eng. **2018**, 43, 661–673.
31. Jiang, Q.; Zeadally, S.; Ma, J.; He, D. Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access **2017**, 5, 3376–3392.
32. Qiu, S.; Xu, G.; Ahmad, H.; Wang, L. A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE Access **2017**, 6, 7452–7463.
33. Zhang, Y.; Xie, K.; Ruan, O. An improved and efficient mutual authentication scheme for session initiation protocol. PLoS ONE **2019**, 14, e0213688.
34. Kumari, S.; Karuppiah, M.; Das, A.K.; Li, X.; Wu, F.; Gupta, V. Design of a secure anonymity-preserving authentication scheme for session initiation protocol using elliptic curve cryptography. J. Ambient Intell. Humaniz. Comput. **2018**, 9, 643–653.
35. Qiu, S.; Xu, G.; Ahmad, H.; Xu, G.; Qiu, X.; Xu, H. An Improved Lightweight Two-Factor Authentication and Key Agreement Protocol with Dynamic Identity Based on Elliptic Curve Cryptography. TIIS **2019**, 13, 978–1002.
36. Limbasiya, T.; Soni, M.; Mishra, S.K. Advanced formal authentication protocol using smart cards for network applicants. Comput. Electr. Eng. **2018**, 66, 50–63.
37. Dharminder, D.; Rana, S.; Kundu, N.; Mishra, D. Construction of lightweight authentication scheme for network applicants using smart cards. Sādhanā **2020**, 45, 15.
38. Sureshkumar, V.; Amin, R.; Anitha, R. A robust mutual authentication scheme for session initiation protocol with key establishment. Peer Netw. Appl. **2020**, 11, 900–916.
39. Sourav, S.; Odelu, V.; Prasath, R. Enhanced session initiation protocols for emergency healthcare applications. In International Symposium on Security in Computing and Communication; Springer: Singapore, 2018; pp. 278–289.
40. Qiu, S.; Xu, G.; Ahmad, H.; Guo, Y. An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy. PLoS ONE **2018**, 13, e0194072.
41. Nikooghadam, M.; Amintoosi, H. A secure and robust elliptic curve cryptography-based mutual authentication scheme for session initiation protocol. Secur. Priv. **2020**, 3, e92.
42. Shouqi, C.; Wanrong, L.; Liling, C.; Xin, H.; Zhiyong, J. An Improved Authentication Protocol Using Smart Cards for the Internet of Things. IEEE Access **2019**, 7, 157284–157292.
43. Zhao, Y.; Li, S.; Jiang, L.; Liu, T. Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps. Int. J. Distrib. Sens. Netw. **2019**, 15, 1–12.
44. Dharminder, D.; Gupta, P. Security analysis and application of Chebyshev Chaotic map in the authentication protocols. Int. J. Comput. Appl. **2019**, 1–9.
45. Zheng, L.; Xue, Y.; Zhang, L.; Zhang, R. Mutual Authentication Protocol for RFID based on ECC. In Proceedings of the IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), Guangzhou, China, 21–24 July 2017; Volume 2, pp. 320–323.
46. Wang, F.; Xu, G.; Xu, G.; Wang, Y.; Peng, J. A Robust IoT-Based Three-Factor Authentication Scheme for Cloud Computing Resistant to Session Key Exposure. Wirel. Commun. Mob. Comput. **2020**, 2020, 3805058.
47. Ghaffar, Z.; Ahmed, S.; Mahmood, K.; Islam, S.H.; Hassan, M.M.; Fortino, G. An Improved Authentication Scheme for Remote Data Access and Sharing over Cloud Storage in Cyber-Physical-Social-Systems. IEEE Access **2020**, 8, 47144–47160.
48. Yu, Y.; Hu, L.; Chu, J. A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment. Symmetry **2020**, 12, 150.
49. Ostad-Sharif, A.; Abbasinezhad-Mood, D.; Nikooghadam, M. A robust and efficient ECC-based mutual authentication and session key generation scheme for healthcare applications. J. Med. Syst. **2019**, 43, 10.
50. Kumari, S.; Chaudhary, P.; Chen, C.M.; Khan, M.K. Questioning key compromise attack on Ostad-Sharif et al.’s authentication and session key generation scheme for healthcare applications. IEEE Access **2019**, 7, 39717–39720.
51. Choudhary, K.; Gaba, G.S.; Butun, I.; Kumar, P. MAKE-IT—A Lightweight Mutual Authentication and Key Exchange Protocol for Industrial Internet of Things. Sensors **2020**, 20, 5166.
52. Mandal, S.; Bera, B.; Sutrala, A.K.; Das, A.K.; Choo, K.K.R.; Park, Y. Certificateless-Signcryption-Based three-factor user access control scheme for IoT environment. IEEE Internet Things J. **2020**, 7, 3184–3197.
53. Rajasekar, V.; Premalatha, J.; Sathya, K. Multi-factor signcryption scheme for secure authentication using hyper elliptic curve cryptography and bio-hash function. Bull. Pol. Acad. Sci. Tech. Sci. **2020**, 68, 923–935.
54. Martínez, V.G.; Encinas, L.H. Developing ECC applications in Java Card. In Proceedings of the 2013 9th International Conference on Information Assurance and Security (IAS), Gammarth, Tunisia, 4–6 December 2013; pp. 114–120.
55. Mo, J.; Hu, Z.; Chen, H.; Shen, W. An efficient and provably secure anonymous user authentication and key agreement for mobile cloud computing. Wirel. Commun. Mob. Comput. **2019**, 2019.
56. Lauter, K.E.; Stange, K.E. The elliptic curve discrete logarithm problem and equivalent hard problems for elliptic divisibility sequences. In International Workshop on Selected Areas in Cryptography; Springer: Berlin/Heidelberg, Germany, 2018; pp. 309–327.
57. Shparlinski, I. Computational Diffie-Hellman problem. In Encyclopedia of Cryptography and Security; Springer: Berlin/Heidelberg, Germany, 2011; pp. 240–244.
58. Boneh, D. The decision diffie-hellman problem. In International Algorithmic Number Theory Symposium; Springer: Berlin/Heidelberg, Germany, 1998; pp. 48–63.
59. Zheng, Y.; Imai, H. How to construct efficient signcryption schemes on elliptic curves. Inf. Process. Lett. **1998**, 68, 227–233.
60. Ouafi, K.; Phan, R.C.W. Traceable privacy of recent provably-secure RFID protocols. In International Conference on Applied Cryptography and Network Security; Springer: Berlin/Heidelberg, Germany, 2008; pp. 479–489.
61. Xie, Q.; Wong, D.S.; Wang, G.; Tan, X.; Chen, K.; Fang, L. Provably secure dynamic ID-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans. Inf. Forensics Secur. **2017**, 12, 1382–1392.

**Figure 1.** Architecture of a smart card. CPU: central processing unit, ROM: read-only memory, RAM: random access memory, EEPROM: electrically erasable programmable read-only memory.

Shortened Scheme | Signature $\{t, w\}$ | Signature Verification |
---|---|---|
Scheme 1 | $t = Hash(vG, M)$, $w = v/(t + x) \bmod q$ | $Z = w(X + tG)$; check if $Hash(Z, M) = t$ |
Scheme 2 | $t = Hash(vG, M)$, $w = v/(1 + xt) \bmod q$ | $Z = w(G + tX)$; check if $Hash(Z, M) = t$ |

**Table 2.** Symbols and notations used in the proposed Elliptic Curve Signcryption based Security Protocol for Smart Cards (ECSSP-SC).

Symbol | Denotation |
---|---|
$q$, $n$ | Two large prime numbers |
$F_q$ | Finite field over prime number $q$ |
$E$ | Elliptic curve defined on $F_q$ |
$A, B$ | Parameters for elliptic curve $E$ |
$O$ | Point at infinity |
$G$ | Base point of $E$ |
$USR$ | User having smart card |
$SVR$ | Server providing service |
$RGC$ | Registration center |
$v$ | Randomly selected integer by $USR$ |
$I_R$ | Identity of $RGC$ |
$I_S$ | Identity of $SVR$ |
$I_U$ | Identity of $USR$ |
$Hash$ | Hash computation |
$P_S$ | Server’s public key |
$PWD$ | Password of $USR$ |
$T_C$ | Current timestamp |
$t$ | Expected delay |

Technique used by each protocol:

Protocol | Modular Exponentiation | Elliptic Curve Cryptography | Signcryption |
---|---|---|---|
Zhao et al. [7] | × | ✓ | × |
Yeh [11] | ✓ | × | × |
Wang et al. [22] | ✓ | × | × |
Chaudhary et al. [27] | × | ✓ | × |
Truong et al. [29] | × | ✓ | × |
Ghaffar et al. [47] | × | ✓ | × |
Ostad-Sharif et al. [49] | × | ✓ | × |
Mo et al. [55] | × | ✓ | × |
Xie et al. [61] | × | ✓ | × |
ECSSP-SC | × | ✓ | ✓ |

No. of ECPM and modular exponentiation operations performed:

Protocol | USR P_{M} | USR M_{E} | SVR P_{M} | SVR M_{E} | Total P_{M} | Total M_{E} |
---|---|---|---|---|---|---|
Zhao et al. [7] | 2 | 0 | 2 | 0 | 4 | 0 |
Yeh [11] | 0 | 2 | 0 | 4 | 0 | 6 |
Wang et al. [22] | 0 | 2 | 0 | 1 | 0 | 3 |
Chaudhary et al. [27] | 3 | 0 | 3 | 0 | 6 | 0 |
Truong et al. [29] | 2 | 0 | 2 | 0 | 4 | 0 |
Ghaffar et al. [47] | 3 | 0 | 2 | 0 | 5 | 0 |
Ostad-Sharif et al. [49] | 2 | 0 | 2 | 0 | 4 | 0 |
Mo et al. [55] | 3 | 0 | 3 | 0 | 6 | 0 |
Xie et al. [61] | 3 | 0 | 3 | 0 | 6 | 0 |
ECSSP-SC | 2 | 0 | 2 | 0 | 4 | 0 |

P_{M}—elliptic curve point multiplication, M_{E}—modular exponentiation.

Security properties satisfied by each protocol:

Protocol | M_{UA} | N_{RP} | F_{WS} | A_{NY} | C_{ON} | I_{NT} | A_{VA} |
---|---|---|---|---|---|---|---|
Zhao et al. [7] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Yeh [11] | × | ✓ | × | × | × | × | ✓ |
Wang et al. [22] | ✓ | ✓ | × | ✓ | × | × | ✓ |
Chaudhary et al. [27] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Truong et al. [29] | ✓ | ✓ | × | ✓ | × | × | ✓ |
Ghaffar et al. [47] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Ostad-Sharif et al. [49] | ✓ | ✓ | × | ✓ | × | × | ✓ |
Mo et al. [55] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Xie et al. [61] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
ECSSP-SC | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |

M_{UA}—mutual authentication, F_{WS}—forward security, N_{RP}—non-repudiation, A_{NY}—anonymity, C_{ON}—confidentiality, I_{NT}—integrity, A_{VA}—availability, ✓—satisfied, ×—not satisfied.

Resistance of each protocol to attacks:

Protocol | RP_{A} | KK_{A} | US_{I} | SV_{I} | IN_{S} | PG_{A} | DE_{A} | MI_{A} |
---|---|---|---|---|---|---|---|---|
Zhao et al. [7] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Yeh [11] | ✓ | ✓ | × | × | ✓ | × | × | ✓ |
Wang et al. [22] | ✓ | ✓ | ✓ | ✓ | ✓ | × | ✓ | ✓ |
Chaudhary et al. [27] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Truong et al. [29] | ✓ | ✓ | × | × | ✓ | × | ✓ | ✓ |
Ghaffar et al. [47] | ✓ | × | ✓ | ✓ | × | ✓ | ✓ | ✓ |
Ostad-Sharif et al. [49] | ✓ | ✓ | × | × | ✓ | × | ✓ | ✓ |
Mo et al. [55] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Xie et al. [61] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
ECSSP-SC | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |

RP_{A}—replay attack, KK_{A}—known key attack, US_{I}—user impersonation, SV_{I}—server impersonation, IN_{S}—insider attack, PG_{A}—password guessing attack, DE_{A}—de-synchronization attack, MI_{A}—man-in-the-middle attack, ✓—satisfied, ×—not satisfied.


© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Singh, A.K.; Solanki, A.; Nayyar, A.; Qureshi, B.
Elliptic Curve Signcryption-Based Mutual Authentication Protocol for Smart Cards. *Appl. Sci.* **2020**, *10*, 8291.
https://doi.org/10.3390/app10228291
