
VQR: vulnerability analysis in quadratic residues-based authentication protocols

Original Research

Journal of Ambient Intelligence and Humanized Computing

Abstract

Ensuring security and respecting users’ privacy, especially in electronic health-care systems, is an important task that is achievable by authentication protocols. The security of many protocols rests on public-key cryptography, breaking which requires solving a hard problem, e.g. the Quadratic Residue (QR) problem, which is suitable for constrained devices and is based on integer factoring, with an average-case time complexity of \(exp\left( \left( c+o(1)\right) \log ^{1/3}(n) \log ^{2/3}\left( \log (n)\right) \right) \) for some \(c<2\). In this paper, we introduce a vulnerability in QR-based problems that reduces the time complexity from the average case to the best case, and we present an algorithm with time complexity \(O(\log ^2(n))\) that computes users’ session keys and recovers confidential user data by passively monitoring the data transmitted over public networks, taking \(6.9 \mu s\) for 2048-bit public keys. To demonstrate the efficiency of the proposed attacks, we examine 12 vulnerable QR-based authentication protocols and show that the structure of all vulnerable transmitted messages falls into 6 cases, while messages in \(\left( \sqrt{n},n-\sqrt{n}\right) \) are safe from the proposed method. Two recent authentication protocols are also analyzed in detail to show the consequences of the proposed vulnerability.
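As an added example (not code from the paper), the following Python turns the safe-interval condition stated in the abstract into a defender-side check: a value is safe to square modulo n only when it lies in (√n, n−√n), because outside that interval the modular square equals the integer square of m or of n−m, so the reduction mod n discards nothing. The modulus n = 101·103 is a constructed toy value and the function names are my own; a real deployment uses a 2048-bit n = pq with distinct primes, which is what the checks assume.

```python
import math
import secrets

# Constructed toy modulus (product of two distinct primes), NOT a real key.
TOY_N = 101 * 103  # 10403, isqrt = 101


def in_safe_range(m: int, n: int) -> bool:
    """Defender-side check: True iff sqrt(n) < m < n - sqrt(n).

    Uses floor(sqrt(n)) and excludes the boundary, so it is conservative.
    """
    r = math.isqrt(n)
    return r < m < n - r


def square_wraps(m: int, n: int) -> bool:
    """True iff reducing m^2 mod n actually loses information.

    For 0 < m < n and n = p*q (not a perfect square) this is exactly the
    safe-range condition: if m <= sqrt(n) then m^2 < n and the reduction
    is a no-op; if m >= n - sqrt(n) then (n - m)^2 < n and, since
    (n - m)^2 == m^2 (mod n), the reduced value is (n - m)^2 unchanged.
    """
    c = pow(m, 2, n)
    return c != m * m and c != (n - m) * (n - m)


def pick_safe_message(n: int) -> int:
    """Sample a random message in the open interval (sqrt(n), n - sqrt(n)),
    the range the abstract identifies as safe from the O(log^2 n) method."""
    r = math.isqrt(n)
    lo, hi = r + 1, n - r - 1
    return lo + secrets.randbelow(hi - lo + 1)


def audit(messages, n: int) -> list:
    """Return the messages a QR-based protocol must not square modulo n."""
    return [m for m in messages if not in_safe_range(m, n)]


if __name__ == "__main__":
    # 50 and 10380 (= n - 23) sit outside the safe interval; 5000 is inside.
    print(audit([50, 5000, 10380], TOY_N))   # [50, 10380]
    print(in_safe_range(pick_safe_message(TOY_N), TOY_N))  # True
```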


Data availability

Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.


Author information


Corresponding author

Correspondence to Meysam Ghahramani.

Ethics declarations

Human and animal participants

This article does not contain any studies with human participants or animals performed by any of the authors. The authors declare that they have no conflict of interest and this study was not funded by any organizations. Also, no datasets were generated or analyzed during the current study.


Cite this article

Ghahramani, M., HaddadPajouh, H., Javidan, R. et al. VQR: vulnerability analysis in quadratic residues-based authentication protocols. J Ambient Intell Human Comput 14, 7559–7574 (2023). https://doi.org/10.1007/s12652-023-04557-1
