# A Robust and Effective Two-Factor Authentication (2FA) Protocol Based on ECC for Mobile Computing


## Abstract


## 1. Introduction

#### 1.1. Related Work

#### 1.2. Motivations and Contribution

1. Design of a 2FA protocol for mobile computing
2. The semantic security of the 2FA protocol
3. Performance analysis of the 2FA protocol

## 2. Preliminaries

#### 2.1. System Model

#### 2.2. Notations

#### 2.3. Adversary Model

- By means of power analysis or other side-channel techniques, the parameters preserved in the smart card of the user can be obtained by the adversary $\mathcal{A}$;
- $\mathcal{A}$ can intercept, eavesdrop on, and modify transmitted messages in the public channel;
- $\mathcal{A}$ can enumerate all pairs $\left(P{W}_{i},I{D}_{i}\right)$ in $\left({\mathcal{D}}_{PW},{\mathcal{D}}_{ID}\right)$ in polynomial time, where ${\mathcal{D}}_{ID}$ and ${\mathcal{D}}_{PW}$ represent the spaces of the identifier and password, respectively;
- $\mathcal{A}$ can also register as a legal user in cases in which anyone can register;
- $\mathcal{A}$ may be able to obtain previous session keys (e.g., through digital forensic techniques [42]) due to unsuitable erasure;
- When evaluating the forward secrecy, $\mathcal{A}$ is assumed to have obtained the long-term private key of the service provider.

## 3. Proposed Protocol

- The user only sends $I{D}_{i}$ to the service provider and the protocol uses fuzzy verification technology to design password login verifiers in the registration phase to resist attacks from privileged insiders;
- To resist password-guessing attacks where the adversary leverages the verifier to guess the password, we used the “Fuzzy-Verifiers” and “Honeywords” technologies [42] to set the verifiers of the password $P{W}_{i}$; i.e., ${A}_{i}=H\left(I{D}_{i}\parallel P{W}_{i}\parallel {a}_{i}\right)\bmod {n}_{0}$, $RP{W}_{i}=H\left(I{D}_{i}\parallel P{W}_{i}\right)\bmod {n}_{0}$;
- In terms of guaranteeing efficiency and forward secrecy [53], we applied lightweight ECC to ensure the 2FA protocol’s efficiency and, in addition to the long-term key, we added a secret value that cannot be obtained by the adversary in the calculation of the session key to ensure forward secrecy;
- To resist key-compromise impersonation attacks, we included a secret parameter ${r}_{i}$ that can be stored with the service provider securely (e.g., stored in an auxiliary server, as with [17]). Consequently, $\mathcal{A}$ is unable to acquire the value of ${V}_{i}$ with ${r}_{i}$ to forge the login request message ${M}_{1}$;
- To ensure the user’s un-traceability, a dynamic ${M}_{2}$ computed with the dynamic parameters ${K}_{2}$ and ${V}_{i}$ prohibits the adversary from tracing the unchanged identity of the user.
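
The fuzzy-verifier construction from the list above can be exercised directly. The following Python sketch is an added example, not code from the paper: it builds the smart-card values $A_i$ and $B_i$ with the registration-phase formulas given on this page and measures both sides of the $n_0$ trade-off (typos caught locally versus dictionary guesses that still pass the card check). SHA-256 as $H$, the length-prefixed concatenation, and all identities, passwords and keys are assumptions constructed for the illustration.

```python
import hashlib
import secrets

def H(*parts: bytes) -> int:
    """H(.) modelled as SHA-256 over length-prefixed parts (assumption)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")

def to_bytes(v: int) -> bytes:
    return v.to_bytes(32, "big")

def issue_card(ID: bytes, PW: bytes, V_i: int, n0: int) -> dict:
    """User-side registration: the values written to the smart card."""
    assert 2**4 <= n0 <= 2**8            # range stated in the registration phase
    a_i = secrets.token_bytes(16)
    RPW = H(ID, PW) % n0
    return {"a_i": a_i, "n0": n0,
            "A_i": H(ID, PW, a_i) % n0,
            "B_i": H(to_bytes(RPW), a_i) ^ V_i}

def card_accepts(card: dict, ID: bytes, PW: bytes) -> bool:
    """Local login check A_i' == A_i (timely typo detection)."""
    return H(ID, PW, card["a_i"]) % card["n0"] == card["A_i"]

def unmask_V(card: dict, ID: bytes, PW: bytes) -> int:
    """V_i = B_i xor H(RPW_i' || a_i); only meaningful for the right password."""
    RPW = H(ID, PW) % card["n0"]
    return card["B_i"] ^ H(to_bytes(RPW), card["a_i"])

def offline_survivors(card: dict, ID: bytes, dictionary: list) -> list:
    """Guesses that the extracted card data alone cannot rule out."""
    return [pw for pw in dictionary if card_accepts(card, ID, pw)]

def experiment(n0: int, dict_size: int = 1 << 14) -> dict:
    """Run the n0 trade-off on constructed data and return the counts."""
    ID, PW = b"alice", b"pw-07311"                       # constructed sample user
    x, r_i = secrets.token_bytes(32), secrets.token_bytes(16)  # server-side secrets
    V_i = H(ID, x, r_i)                                  # V_i = H(ID_i || x || r_i)
    card = issue_card(ID, PW, V_i, n0)
    dictionary = [b"pw-%05d" % i for i in range(dict_size)]    # contains PW
    survivors = offline_survivors(card, ID, dictionary)
    # The server-side check V_i* == H(ID* || x || r_i*) needs x and r_i,
    # so telling survivors apart requires an online attempt.
    server_ok = [pw for pw in survivors if unmask_V(card, ID, pw) == V_i]
    typos = [PW + bytes([c]) for c in range(256)]        # 256 wrong inputs
    caught = sum(not card_accepts(card, ID, t) for t in typos)
    return {"survivors": len(survivors), "server_ok": len(server_ok),
            "typos_caught": caught, "true_pw_survives": PW in survivors}

if __name__ == "__main__":
    for n0 in (2**4, 2**8):
        print(n0, experiment(n0))
```

With $n_0 = 2^8$ about 1 in 256 dictionary entries passes the card check, so possession of the card data narrows the dictionary but does not confirm the password; with $n_0 = 2^4$ more candidates survive and more typos slip past the local check.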

#### 3.1. System Setup Phase

#### 3.2. Registration Phase

#### 3.3. Login and Mutual Authentication Phase

#### 3.4. Password Update Phase

## 4. Security Analysis

#### 4.1. Formal Security Proof

#### 4.1.1. Basics for the Security Proof

- Execute $\left({U}^{i},{S}^{j}\right)$: This query models eavesdropping on the protocol; its output contains all communication records between ${U}^{i}$ and ${S}^{j}$;
- Send $\left({U}^{i},Start\right)$: This query represents the initialization of protocol $\mathcal{P}$;
- Send $\left({I}^{i},m\right)$: This query captures active attacks. More specifically, by intercepting and blocking a message, an imitative message $m$ is created by $\mathcal{A}$. Subsequently, $\mathcal{A}$ conveys $m$ to ${I}^{i}$ and then obtains the feedback from ${I}^{i}$;
- Reveal $\left({I}^{i}\right)$: This query models the misuse of the session key. When ${I}^{i}$ recognizes the session and creates an $SK$, it returns ${I}^{i}$’s session key $SK$ to $\mathcal{A}$. Otherwise, it responds with $\perp $, which means no response;
- Test $\left({I}^{i}\right)$: The session key’s semantic security is modeled with this query. A coin $b$ is flipped when the query is received. If $b=0$, a random secret key of the same size as $SK$ is then sent to $\mathcal{A}$. If $b=1$, then $SK$ is sent to $\mathcal{A}$. A “$\perp $” is sent to $\mathcal{A}$ if no $SK$ for ${I}^{i}$ is created. This query can be invoked at any time (but only once) during the simulation of the adversary;
- Corrupt $\left({U}^{i}\right)$: With this query, the secret data preserved by the user can be acquired by $\mathcal{A}$.

#### 4.1.2. Security Proof

**Lemma 1.**

**Theorem 1.**

**Proof.**

#### 4.2. Heuristic Analysis

#### 4.2.1. Timely Password Typo Detection

#### 4.2.2. User Anonymity and Un-Traceability

#### 4.2.3. Privileged Insider Attack

#### 4.2.4. Key-Compromise User Impersonation Attack

#### 4.2.5. Server Impersonation Attack

#### 4.2.6. Password-Guessing Attack

#### 4.2.7. De-Synchronization Attack

#### 4.2.8. Replay Attack

#### 4.2.9. Man-in-the-Middle Attack

#### 4.2.10. Mutual Authentication

#### 4.2.11. Forward Secrecy of the Session Key

#### 4.3. Formal Verification Analysis Using ProVerif

#### 4.3.1. Definition of Parameters in ProVerif

#### 4.3.2. Code for Process in ProVerif

## 5. Summary Comparison: Functionality and Performance

#### 5.1. Security Evaluation Criteria

#### 5.2. Functionality Comparison

#### 5.3. Communication and Computation Cost Comparison

## 6. Conclusions

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Data Availability Statement

## Conflicts of Interest

## References

1. O’Dea, S. Forecast Number of Mobile Users Worldwide 2020–2025. Available online: https://www.statista.com/statistics/218984/number-of-globalmobile-users-since-2010 (accessed on 2 April 2021).
2. Available online: http://px.tcnet.com.cn/news/industry/2568.html (accessed on 10 February 2023).
3. Available online: http://www.360doc.com/content/20/0901/16/71368091_933437844.shtml (accessed on 2 September 2020).
4. Wazid, M.; Das, A.K.; Kumar, N.; Rodrigues, J.J. Secure three-factor user authentication scheme for renewable-energy-based smart grid environment. IEEE Trans. Ind. Inform. **2017**, 13, 3144–3153.
5. Islam, S.H.; Vijayakumar, P.; Bhuiyan, M.Z.A.; Amin, R.; Balusamy, B. A provably secure three-factor session initiation protocol for multimedia big data communications. IEEE Internet Things J. **2017**, 5, 3408–3418.
6. Wang, C.; Wang, D.; Tu, Y.; Xu, G.; Wang, H. Understanding node capture attacks in user authentication schemes for wireless sensor networks. IEEE Trans. Dependable Secur. Comput. **2020**, 19, 507–523.
7. Zou, S.; Cao, Q.; Wang, C.; Huang, Z.; Xu, G. A robust two-factor user authentication scheme-based ecc for smart home in iot. IEEE Syst. J. **2022**, 16, 4938–4949.
8. Wang, Q.; Wang, D. Understanding Failures in Security Proofs of Multi-Factor Authentication for Mobile Devices. IEEE Trans. Inf. Forensics Secur. **2022**, 18, 597–612.
9. Gope, P.; Lee, J.; Quek, T.Q. Lightweight and practical anonymous authentication protocol for RFID systems using physically unclonable functions. IEEE Trans. Inf. Forensics Secur. **2018**, 13, 2831–2843.
10. Yang, Z.; He, J.; Tian, Y.; Zhou, J. Faster authenticated key agreement with perfect forward secrecy for industrial internet-of-things. IEEE Trans. Ind. Inform. **2019**, 16, 6584–6596.
11. Das, M.L.; Saxena, A.; Gulati, V.P. A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. **2004**, 50, 629–631.
12. Ma, C.G.; Wang, D.; Zhao, S.D. Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. **2014**, 27, 2215–2227.
13. Hankerson, D.; Menezes, A.; Vanstone, S. Guide to Elliptic Curve Cryptography; Springer Science & Business Media: New York, NY, USA, 2006.
14. Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM **1978**, 21, 120–126.
15. Zhang, F.; Safavi-Naini, R.; Susilo, W. An efficient signature scheme from bilinear pairings and its applications. In Proceedings of the Public Key Cryptography—PKC 2004: 7th International Workshop on Theory and Practice in Public Key Cryptography, Singapore, 1–4 March 2004; pp. 277–290.
16. Durlanik, A.; Sogukpinar, I. SIP authentication scheme using ECDH. Proc. Work. Acad. Sci. Eng. Technol. **2005**, 8, 350–353.
17. Wang, D.; Cheng, H.; He, D.; Wang, P. On the challenges in designing identity-based privacy-preserving authentication schemes for mobile devices. IEEE Syst. J. **2016**, 12, 916–925.
18. Lamport, L. Password authentication with insecure communication. Commun. ACM **1981**, 24, 770–772.
19. Arkko, J.; Torvinen, V.; Camarillo, G.; Niemi, A.; Haukka, T. Security mechanism agreement for SIP sessions. Doc. RFC **2003**, 3329, 1–24.
20. Fotouhi, M.; Bayat, M.; Das, A.K.; Far, H.A.N.; Pournaghi, S.M.; Doostari, M.A. A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT. Comput. Netw. **2020**, 177, 107333.
21. Chatterjee, S.; Roy, S.; Das, A.K.; Chattopadhyay, S.; Kumar, N.; Vasilakos, A.V. Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Trans. Dependable Secur. Comput. **2016**, 15, 824–839.
22. Wang, D.; Wang, P. On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions. Comput. Netw. **2014**, 73, 41–57.
23. Vivekanandan, M.; Sastry, V.N.; Srinivasulu Reddy, U. Efficient user authentication protocol for distributed multimedia mobile cloud environment. J. Ambient Intell. Hum. Comput. **2020**, 11, 1933–1956.
24. Hsu, C.L.; Le, T.V.; Hsieh, M.C.; Tsai, K.Y.; Lu, C.F.; Lin, T.W. Three-factor UCSSO scheme with fast authentication and privacy protection for telecare medicine information systems. IEEE Access **2020**, 8, 196553–196566.
25. Hsu, C.L.; Le, T.V.; Lu, C.F.; Lin, T.W.; Chuang, T.H. A privacy-preserved E2E authenticated key exchange protocol for multi-server architecture in edge computing networks. IEEE Access **2020**, 8, 40791–40808.
26. Zhang, Y.; Xu, C.; Li, H.; Yang, K.; Cheng, N.; Shen, X. PROTECT: Efficient password-based threshold single-sign-on authentication for mobile users against perpetual leakage. IEEE. Trans. Mob. Comput. **2020**, 20, 2297–2312.
27. Vivekanandan, M.; U, S.R. Blockchain based privacy preserving user authentication protocol for distributed mobile cloud environment. Peer-to-Peer Netw. Appl. **2021**, 14, 1572–1595.
28. Lin, T.W.; Hsu, C.L.; Le, T.V.; Lu, C.F.; Huang, B.Y. A smartcard-based user-controlled single sign-on for privacy preservation in 5G-IoT telemedicine systems. Sensors **2021**, 21, 2880.
29. Meshram, C.; Ibrahim, R.W.; Deng, L.; Shende, S.W.; Meshram, S.G.; Barve, S.K. A robust smart card and remote user password-based authentication protocol using extended chaotic maps under smart cities environment. Soft Comput. **2021**, 25, 10037–10051.
30. Meher, B.K.; Amin, R. A location-based multi-factor authentication scheme for mobile devices. Int. J. Ad Hoc Ubiquitous Comput. **2022**, 41, 181–190.
31. Le, T.V.; Lu, C.F.; Hsu, C.L.; Do, T.K.; Chou, Y.F.; Wei, W.C. A novel three-factor authentication protocol for multiple service providers in 6G-aided intelligent healthcare systems. IEEE Access **2022**, 10, 28975–28990.
32. Gope, P.; Sikdar, B. Lightweight and privacy-preserving two-factor authentication scheme for IoT devices. IEEE Internet Things J. **2018**, 6, 580–589.
33. Kaveh, M.; Mosavi, M.R. A lightweight mutual authentication for smart grid neighborhood area network communications based on physically unclonable function. IEEE Syst. J. **2020**, 14, 4535–4544.
34. Qiu, S.; Wang, D.; Xu, G.; Kumari, S. Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices. IEEE Trans. Dependable Secur. Comput. **2020**, 19, 1338–1351.
35. Liu, Y.; Xue, K. An improved secure and efficient password and chaos-based two-party key agreement protocol. Nonlinear Dyn. **2016**, 84, 549–557.
36. Tsai, J.L.; Lo, N.W.; Wu, T.C. Novel anonymous authentication scheme using smart cards. IEEE Trans. Ind. Inform. **2012**, 9, 2004–2013.
37. Roy, S.; Chatterjee, S.; Das, A.K.; Chattopadhyay, S.; Kumari, S.; Jo, M. Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing Internet of Things. IEEE Internet Things J. **2017**, 5, 2884–2895.
38. Zhu, H.; Hao, X. A provable authenticated key agreement protocol with privacy protection using smart card based on chaotic maps. Nonlinear Dyn. **2015**, 81, 311–321.
39. Shin, S.; Kobara, K. Security analysis of password-authenticated key retrieval. IEEE Trans. Dependable Secur. Comput. **2015**, 14, 573–576.
40. IEEE P1363.2/D11; Standard Specifications for Password-Based Public-Key Cryptographic Techniques. IEEE P1363 Working Group: New York, NY, USA, 2003.
41. Jablon, D.P. Password authentication using multiple servers. In Proceedings of the Topics in Cryptology—CT-RSA 2001: The Cryptographers’ Track at RSA Conference 2001, San Francisco, CA, USA, 8–12 April 2001; pp. 344–360.
42. Wang, D.; Wang, P. Two birds with one stone: Two-factor authentication with security beyond conventional bound. IEEE Trans. Dependable Secur. Comput. **2016**, 15, 708–722.
43. Blanchet, B.; Smyth, B.; Cheval, V.; Sylvestre, M. Proverif 2.02 pl1: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial; Technical Report. 2020. Available online: https://opam.ocaml.org/packages/proverif/proverif.2.02pl1/ (accessed on 5 September 2020).
44. Wang, D.; Wang, P. On the implications of Zipf’s law in passwords. In Computer Security—ESORICS, Proceedings of the 21st European Symposium on Research in Computer Security, Heraklion, Greece, 26–30 September 2016; Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C., Eds.; Springer: Cham, Switzerland, 2016; pp. 111–131.
45. Wang, D.; He, D.; Wang, P.; Chu, C.H. Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans. Dependable Secur. Comput. **2014**, 12, 428–442.
46. Eisenbarth, T.; Kasper, T.; Moradi, A.; Paar, C.; Salmasizadeh, M.; Shalmani, M.T.M. On the power of power analysis in the real world: A complete break of the KeeLoq code hopping scheme. In Advances in Cryptology—CRYPTO, Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA, 17–21 August 2008; Wagner, D., Ed.; Springer: Berlin/Heidelberg, Germany, 2008; pp. 203–220.
47. Kocher, P.; Jaffe, J.; Jun, B. Differential power analysis. In Advances in Cryptology—CRYPTO’ 99, Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA, 15–19 August 1999; Wiener, M., Ed.; Springer: Berlin/Heidelberg, Germany, 1999; pp. 388–397.
48. Messerges, T.S.; Dabbish, E.A.; Sloan, R.H. Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. **2002**, 51, 541–552.
49. Wang, D.; Zhang, Z.; Wang, P.; Yan, J.; Huang, X. Targeted online password guessing: An underestimated threat. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016; pp. 1242–1254.
50. Wang, D.; Cheng, H.; Wang, P.; Huang, X.; Jian, G. Zipf’s law in passwords. IEEE Trans. Inf. Forensic Secur. **2017**, 12, 2776–2791.
51. Agrawal, S.; Das, M.L.; Lopez, J. Detection of node capture attack in wireless sensor networks. IEEE Syst. J. **2018**, 13, 238–247.
52. He, D.; Wang, D. Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. **2014**, 9, 816–823.
53. Wang, D.; Wang, N.; Wang, P.; Qing, S. Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. **2015**, 321, 162–178.
54. Bellare, M.; Pointcheval, D.; Rogaway, P. Authenticated key exchange secure against dictionary attacks. In Proceedings of the Eurocrypt 2000, Bruges, Belgium, 14–18 May 2000; pp. 139–155.
55. Bresson, E.; Chevassut, O.; Pointcheval, D. Security proofs for an efficient password-based key exchange. In Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, USA, 27–30 October 2003; pp. 241–250.
56. Shoup, V. Sequences of games: A tool for taming complexity in security proofs. IACR Cryptol. Eprint Arch. **2004**, 332. Available online: https://eprint.iacr.org/2004/332 (accessed on 18 January 2006).
57. Wang, D.; Gu, Q.; Cheng, H.; Wang, P. The request for better measurement: A comparative evaluation of two-factor authentication schemes. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS ’16, Xi’an, China, 30 May–3 June 2016; pp. 475–486.
58. Wu, F.; Li, X.; Xu, L.; Vijayakumar, P.; Kumar, N. A novel three-factor authentication protocol for wireless sensor networks with IoT notion. IEEE Syst. J. **2020**, 15, 1120–1129.
59. Srinivas, J.; Das, A.K.; Wazid, M.; Kumar, N. Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial Internet of Things. IEEE Trans. Dependable Secur. Comput. **2018**, 17, 1133–1146.
60. Abbas, G.; Tanveer, M.; Abbas, Z.H.; Waqas, M.; Baker, T.; Al-Jumeily OBE, D. A secure remote user authentication scheme for 6LoWPAN-based Internet of Things. PLoS ONE **2021**, 16, e0258279.

| Goal | Description |
|---|---|
| Anonymity and un-traceability | Identity protection and user un-traceability |
| Resistance against password-guessing attacks | The attacker cannot grasp the user’s password |
| Session key security | The attacker cannot compute or steal the session key negotiated between the user and service provider [34] |
| Resistance against impersonation attacks | Server impersonation attacks and key-compromise user impersonation attacks |

| Notation | Description | Notation | Description |
|---|---|---|---|
| $U_i$ | User | $x$ | Long-term key for $S_j$ |
| $S_j$ | Service provider | $\mathcal{A}$ | Malicious adversary |
| $ID_i$ | Unique identity of $U_i$ | $\parallel$ | String concatenation operation |
| $PW_i$ | Password chosen by $U_i$ | $\oplus$ | Bitwise XOR operation |
| $b$ | Random numbers for $S_j$ | $H(\cdot)$ | One-way hash function |
| $a$ | Random numbers for $U_i$ | $SK$ | Session key shared between $U_i$ and $S_j$ |

| User ($U_i$) | Secure Channel | Service Provider ($S_j$) |
|---|---|---|
| Registration Phase: | | |
| Choose $ID_i$ | $\xrightarrow{\{ID_i\}}$ | Generates a random number $r_i \in Z_p^{\ast}$ |
| | | Computes: $V_i = H(ID_i \parallel x \parallel r_i)$ |
| | | Store $\{ID_i, r_i, Sum=0\}$ in database |
| | | New smart card: $SC_i = \{X, P, V_i\}$ |
| | $\xleftarrow{SC_i}$ | |
| Generates a random number $a_i \in Z_p^{\ast}$ | | |
| Computes: $RPW_i = H(ID_i \parallel PW_i) \bmod n_0$ | | |
| $B_i = H(RPW_i \parallel a_i) \oplus V_i$ | | |
| Chooses an integer $2^4 \le n_0 \le 2^8$ | | |
| $A_i = H(ID_i \parallel PW_i \parallel a_i) \bmod n_0$ | | |
| Update smart card: $SC_i = \{a_i, A_i, B_i, X, P, n_0\}$ | | |

| User ($U_i$) | Public Channel | Server ($S_j$) |
|---|---|---|
| Step 1: | | |
| Input $ID_i^{\prime}, PW_i^{\prime}$ | | |
| Compute: $A_i^{\prime} = H(ID_i^{\prime} \parallel PW_i^{\prime} \parallel a_i) \bmod n_0$ | | |
| Checks if $A_i^{\prime} = A_i$ | | |
| Compute: $RPW_i^{\prime} = H(ID_i^{\prime} \parallel PW_i^{\prime}) \bmod n_0$ | | |
| $V_i = B_i \oplus H(RPW_i^{\prime} \parallel a_i)$ | | |
| Generates a random number $a$ | | |
| Compute: $K_1 = a \cdot P$, $K_2 = a \cdot X$ | | |
| $M_1 = H(ID_i \parallel K_1 \parallel K_2 \parallel V_i)$ | | |
| $M_2 = E_{K_2}(ID_i \parallel V_i)$ | $\xrightarrow{\{M_1, M_2, K_1\}}$ | |
| | | Step 2: |
| | | Computes $K_2^{\ast} = x \cdot K_1$ |
| | | $ID_i^{\ast} \parallel V_i^{\ast} = D_{K_2^{\ast}}(M_2)$ |
| | | Checks the validity $ID_i^{\ast}$ |
| | | Extract: $r_i^{\ast}$ |
| | | Check if $V_i^{\ast} = H(ID_i^{\ast} \parallel x \parallel r_i^{\ast})$ |
| | | Compute: $M_1^{\ast} = H(ID_i^{\ast} \parallel K_1 \parallel K_2^{\ast} \parallel V_i^{\ast})$ |
| | | Checks if $M_1 = M_1^{\ast}$ |
| | | Generates a random number $b$ |
| | | Step 3: |
| | | Computes $K_3 = b \cdot P$, $K_4 = b \cdot K_1$ |
| | | $M_3 = H(K_3 \parallel K_2^{\ast} \parallel V_i^{\ast} \parallel ID_i^{\ast} \parallel K_4)$ |
| | $\xleftarrow{\{K_3, M_3\}}$ | $SK_s = H(K_4 \parallel ID_i^{\ast} \parallel V_i^{\ast})$ |
| Step 4: | | |
| Computes $K_4^{\prime} = a \cdot K_3$ | | |
| $SK_u = H(K_4^{\prime} \parallel ID_i \parallel V_i)$ | | |
| $M_3^{\prime} = H(K_3 \parallel K_2 \parallel V_i \parallel ID_i \parallel K_4)$ | | |
| Checks if $M_3^{\prime} = M_3$ | | |
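
The login and mutual authentication exchange in the table above, run end to end with both sides' messages. This Python sketch is an added example, not the authors' implementation. The curve (secp256k1), SHA-256 as $H$, the XOR keystream standing in for $E_K/D_K$, the on-curve check on $K_1$, and all sample values are assumptions, since the page names none of them.

```python
import hashlib, hmac, secrets

# secp256k1 domain parameters (assumption: the page does not name the curve).
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, pt):  # double-and-add, not constant time (illustration only)
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def H(*parts):
    """H(.) as SHA-256 over length-prefixed parts (assumption)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def E(key, data):
    """Stand-in for E_K / D_K: XOR with a hash keystream (assumption)."""
    ks = b"".join(H(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def user_step1(ID, V, X):
    a = 1 + secrets.randbelow(N - 1)
    K1, K2 = mul(a, G), mul(a, X)
    return (a, K2), (H(ID, enc(K1), enc(K2), V), E(enc(K2), ID + V), K1)

def server_step2_3(x, db, msg):
    M1, M2, K1 = msg
    # Added hardening, not in the page's table: reject points off the curve.
    if K1 is None or (K1[1] ** 2 - K1[0] ** 3 - 7) % P_MOD:
        return None
    K2 = mul(x, K1)
    plain = E(enc(K2), M2)
    ID, V = plain[:-32], plain[-32:]
    r = db.get(ID)                       # r_i stored at registration
    if r is None or not hmac.compare_digest(V, H(ID, x.to_bytes(32, "big"), r)):
        return None
    if not hmac.compare_digest(M1, H(ID, enc(K1), enc(K2), V)):
        return None
    b = 1 + secrets.randbelow(N - 1)
    K3, K4 = mul(b, G), mul(b, K1)
    return (K3, H(enc(K3), enc(K2), V, ID, enc(K4))), H(enc(K4), ID, V)

def user_step4(state, ID, V, reply):
    (a, K2), (K3, M3) = state, reply
    K4 = mul(a, K3)
    if not hmac.compare_digest(M3, H(enc(K3), enc(K2), V, ID, enc(K4))):
        return None
    return H(enc(K4), ID, V)

def demo():
    """One honest run and three tampered ones; every input is constructed."""
    x, ID, r = 1 + secrets.randbelow(N - 1), b"alice", secrets.token_bytes(16)
    X, V = mul(x, G), H(ID, x.to_bytes(32, "big"), r)   # V_i from registration
    state, (M1, M2, K1) = user_step1(ID, V, X)
    reply, SK_s = server_step2_3(x, {ID: r}, (M1, M2, K1))
    return {"keys_match": user_step4(state, ID, V, reply) == SK_s,
            "swapped_K1": server_step2_3(x, {ID: r}, (M1, M2, mul(2, K1))),
            "off_curve_K1": server_step2_3(x, {ID: r}, (M1, M2, (1, 1))),
            "forged_M3": user_step4(state, ID, V, (reply[0], bytes(32)))}
```

The exchange carries no timestamp, consistent with the "no clock synchronization" criterion; freshness comes from the per-session scalars $a$ and $b$.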

| Notation | Description | Notation | Description |
|---|---|---|---|
| $EC_1$ | User anonymity and un-traceability | $EC_6$ | Provision of key agreement |
| $EC_2$ | Password verifier table is unwanted | $EC_7$ | Mutual authentication verification |
| $EC_3$ | Password exposure is avoidable | $EC_8$ | No clock synchronization |
| $EC_4$ | Timely typo detection | $EC_9$ | Sound capacity for repair |
| $EC_5$ | No smart-card-loss attack | $EC_{10}$ | Forward secrecy |

Evaluation criteria ($EC_1$ to $EC_{10}$) by protocol:

| Protocols | Ref. | $EC_1$ | $EC_2$ | $EC_3$ | $EC_4$ | $EC_5$ | $EC_6$ | $EC_7$ | $EC_8$ | $EC_9$ | $EC_{10}$ |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Tsai et al. (2013) | [36] | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\times$ | $\times$ |
| Zhu et al. (2015) | [38] | $\surd$ | $\surd$ | $\times$ | $\surd$ | $\times$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ |
| Liu et al. (2016) | [35] | $\times$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\times$ | $\times$ | $\surd$ |
| Roy et al. (2018) | [37] | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\times$ | $\surd$ | $\surd$ | $\times$ | $\surd$ | $\times$ |
| Islam et al. (2018) | [5] | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\times$ | $\surd$ | $\surd$ | $\surd$ | $\times$ | $\surd$ |
| 2FA protocol | [-] | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ | $\surd$ |

| Notation | Description | Time/ms | Running Platform |
|---|---|---|---|
| $T_c$ | The computing time for the extended chaotic-map operation | 0.294 | Ubuntu 18.04 with Intel i7-4710HQ, 2.5 GHz CPU and 8 G memory |
| $T_m$ | The computing time for elliptic curve point multiplication | 0.294 | |
| $T_s$ | The computing time for the symmetric cryptography operation | 0.021 | |
| $T_h$ | The computing time for a one-way hash operation | 0.003 | |

| Parameter | Length/Bits |
|---|---|
| Timestamp | 16 |
| User identity | 160 |
| Random number | 128 |
| Elliptic curve point | 160 |
| The output of the hash function | 160 |
| The ciphertext of the symmetric encryption/decryption algorithm | 128 |

| Protocols | Computation Cost (User) | Computation Cost (Service Provider) | Computation Cost (Total Running Time) | Total Communication Cost | Message Rounds |
|---|---|---|---|---|---|
| Tsai et al. (2013) [36] | $5T_h + T_m$ | $5T_h + 3T_m$ | 1.206 ms | 960 bits | 3 |
| Zhu et al. (2015) [38] | $4T_h + 2T_c$ | $6T_h + 2T_c$ | 1.206 ms | 736 bits | 2 |
| Liu et al. (2016) [35] | $6T_h + 3T_c$ | $6T_h + 3T_c$ | 1.8 ms | 1280 bits | 3 |
| Roy et al. (2018) [37] | $9T_h + 2T_c$ | $6T_h + T_c$ | 0.927 ms | 960 bits | 2 |
| Islam et al. (2018) [5] | $7T_h + 2T_m + T_s$ | $5T_h + 2T_m + T_s$ | 1.254 ms | 768 bits | 3 |
| 2FA protocol | $10T_h + 3T_m$ | $8T_h + 3T_m$ | 1.818 ms | 1376 bits | 2 |


© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Liu, K.; Zhou, Z.; Cao, Q.; Xu, G.; Wang, C.; Gao, Y.; Zeng, W.; Xu, G.
A Robust and Effective Two-Factor Authentication (2FA) Protocol Based on ECC for Mobile Computing. *Appl. Sci.* **2023**, *13*, 4425.
https://doi.org/10.3390/app13074425
