RESEAP: An ECC-Based Authentication and Key Agreement Scheme for IoT Applications

Although the Internet of Things (IoT) provides many benefits for our life, it also raises many security threats. The main risk is the security of the transferred data, which comprises very critical information whose leakage compromises our privacy. In this regard, many security protocols have been introduced in the literature, among which multi-factor authentication protocols have received considerable attention. In this paper, as the first step, the first third-party security analysis of the newly proposed scheme denoted as ESEAP (designed by Kumari et al.) is presented. The provided analysis shows that this protocol has a number of security flaws, including vulnerability to off-line password guessing attack, traceability attack, impersonation attack, insider attack and also desynchronization attack. As the second step, an enhanced protocol denoted as RESEAP is proposed, in which we use a physically unclonable function to improve its security. We prove the security of RESEAP informally and also formally in the real-or-random model, which is a widely accepted security model for proving the security of a cryptographic protocol. While the security analysis confirms that RESEAP has better security, its comparison with ESEAP also shows its higher efficiency.


I. INTRODUCTION
The Internet of Things (IoT), as a system of interrelated computing devices, allows devices to communicate with each other and transfer data over a network without the need for human-to-human or human-to-computer interaction. This technology enhances our daily life by providing infrastructure for other concepts such as the Internet of Vehicles (IoV), Internet of Energy (IoE), Internet of Sensors (IoS) and Machine to Machine (M2M) communications. Combining IoT with the new advances in artificial intelligence and machine/deep learning provides many opportunities. However, that interconnected system of data flow also raises many challenges. More precisely, the devices connected through IoT can capture and transfer much sensitive data that may easily compromise our privacy. Hence, there should be a mechanism to control access to the data captured and transferred by any device in an IoT system. To meet this demand, security protocols can be employed to control access to data. Such protocols are regularly used in our daily use of the internet, e.g. the Secure Sockets Layer (SSL) protocol [1]. However, IoT is a heterogeneous network and it may not be possible to use those common solutions because of the very constrained devices connected to it, e.g. RFID tags and WSN nodes. To cope with these restrictions, researchers attempt to develop lightweight protocols for IoT systems. Among them, authentication and session key agreement protocols receive the most attention.
The associate editor coordinating the review of this manuscript and approving it for publication was Bin Zhou.
VOLUME 8, 2020. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
On the other hand, edge devices are widely distributed and can be compromised or stolen by the adversary to retrieve their entire sensitive content. To overcome such problems, Multi-Factor Authentication (MFA) protocols have been proposed in the literature. In such protocols, to authenticate a protocol instance, more than one factor should be provided by that instance. Secret keys, smart cards, smartphones and biometric features are among the factors widely used to design secure protocols for different applications. A survey of MFA protocols is provided by Ometov et al. [2], in which they give a detailed analysis of the factors currently utilized for MFA protocols with their corresponding operational requirements. Although multi-factor based schemes could provide better security, they also impose more complexity on the underlying scheme. Hence, it may not be possible to use them in constrained applications, and two-factor security protocols have received more attention in the literature. Among them, Haq et al. [3] recently proposed a two-factor lightweight authentication protocol using self-certified public key cryptography for multi-server 5G networks. Besides, they analyzed a protocol proposed by Ying and Nayak [4], which is also a two-factor authentication protocol, and showed that it has important security flaws. Sinigaglia et al. [5] also provided a survey on the adoption of MFA and the design choices made by the banking sector in different countries. Qiu et al. [6] proposed a lightweight two-factor authentication and key agreement protocol with dynamic identity based on Elliptic Curve Cryptography (ECC). In that paper, they also showed that the protocol proposed by Nikooghadam et al. [7] does not provide the desired security against key-compromise impersonation attack and also lacks forward secrecy. It should be noted that Nikooghadam et al. have also shown that Kumari et al.'s protocol [8] cannot resist off-line guessing attack or preserve user anonymity, and that Kumari et al.'s protocol has also been analyzed by Kaul and Awasthi [9], who showed that the adversary can obtain the common session key of future communication between the user and the server. Wu et al. [10] proposed a scheme to provide strong user anonymity and a strong key agreement property. However, Gupta and Chaudhariab [11] later showed that it fails to provide those properties. In addition, they proposed a two-factor authentication protocol for roaming service in global mobility networks and claimed security beyond the traditional limit [11]. However, the proposed protocol is very costly and may not be useful for constrained environments, because it uses ECC and also quadratic residues, besides a hash function. Xie et al. proposed a claimed-to-be provably secure dynamic ID-based two-factor authenticated key exchange protocol [12]. However, later analysis by Li et al. [13] showed that it suffers from off-line dictionary attack. Fotouhi et al. [14] recently proposed a lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT; in [14], they use the hash function as the source of security. Byun and Jeong [15] also analyzed the security of two password-based Physically Unclonable Function (PUF) embedded authentication protocols [16], [17] against off-line password guessing attack.
The above studies, besides many others, show that it is not possible to trust any security solution without an extensive third-party security analysis that confirms its security. In this regard, Kumari et al. [18] have recently analyzed the security of the two-factor protocol proposed by Wang et al. [19] and shown that it suffers from off-line password guessing attack and impersonation attack. Besides, they proposed an improved protocol denoted as ESEAP, which is an ECC-based mutual authentication protocol using a smart card, and claimed it to be secure and efficient. However, their claim cannot be trusted before thorough investigation. Hence, in this paper we evaluate the security of this protocol against the known attacks in the context. The contributions of this paper are as follows: 1) We show that ESEAP does not provide security against off-line password guessing attack: the adversary can guess the password, assuming that it has low entropy, i.e. is selected from a finite set. Besides, we show that this protocol suffers from traceability attack, impersonation attack, insider attack and also desynchronization attack. The proposed attacks are in the security model used by the designers and contradict their claims. 2) We propose a revised protocol, named RESEAP, in which we use a PUF to provide the desired security against the proposed attacks. 3) We prove the security of the proposed protocol against different attacks heuristically and also formally in the real-or-random model. Our security analysis shows that it provides the desired semantic security in this model. 4) We compare the performance of RESEAP against ESEAP and show that the revised protocol also outperforms ESEAP, besides its enhanced security.
In the rest of this paper, section II introduces the required background and also briefly explains the ESEAP protocol. Next, in section III we analyze the security of this protocol by proposing several attacks. In section IV, we propose the revised protocol, RESEAP, and provide its security proofs in section V. The performance evaluation of the proposed protocol is in section VI. Finally, section VII concludes the paper.

II. PRELIMINARIES
In this section, we introduce the required notation, give a brief description of elliptic curve cryptography, and also describe the ESEAP protocol. Table 1 lists the notation used in this paper.

A. ELLIPTIC CURVE CRYPTOGRAPHY
Elliptic Curve Cryptography (ECC) is a public-key cryptography approach based on a group G defined over an elliptic curve. The elliptic curve E(F_q) is defined as the set of all (x, y) ∈ F_q × F_q such that y^2 = x^3 + ax + b, where a, b ∈ F_q and 4a^3 + 27b^2 mod q ≠ 0 (the non-singularity condition), together with a distinguished point at infinity denoted by O.
If a point P ∈ G generates all elements of the group, it is called a generator of the group. The order of an element Q ∈ G is the smallest positive number n such that nQ = O. When n is large enough, given any scalar a ∈ F_q and a point P ∈ E(F_q) of order n, it is easy to calculate y = a × P. However, given y, E(F_q) and P, it is computationally infeasible to determine a; this is known as the Elliptic Curve Discrete Logarithm Problem (EC-DLP). Similarly, for a, b ∈ F_q, given a × P, b × P, E(F_q) and P, it is computationally hard to determine a × b × P; this is known as the Elliptic Curve Computational Diffie-Hellman Problem (EC-CDHP).

B. SEMANTIC SECURITY IN THE REAL-OR-RANDOM MODEL
In a password-authenticated key agreement scheme, the parties use their passwords in order to share a common session key SK that will be used to build secure channels [20], [21]. In such schemes, we consider a party to be either a client U ∈ U or a trusted server S ∈ S, where U could be either honest or malicious. Each client holds a long-lived key, the password PW_U. The server S holds a vector pw_S containing an entry pw_S[U] for each client U, where pw_S[U] is a transformation of PW_U. If U is a malicious client, then in the security analysis one should assume that PW_U could be known by the adversary. If two instances U_i and U_j share the same session identification, they are called partners.
To determine the adversary's advantage in distinguishing a real session key from an ideal one, a bit b is chosen uniformly at random at the beginning of the semantic security game. In general terms, the adversary A controls all communication over the public channel, passively or actively, and it can run the following queries:
• Execute(U, S): models a passive adversary A that eavesdrops on the messages exchanged between U and S.
• Send(U/S, m): models an active adversary that may intercept a message and then either modify it, create a new one, or simply forward it to U/S.
• Reveal(U): gives access to the session key held by the instance U.
• Test(U): is used by A to verify its guess for b. If no session key is defined for instance U, or if a Reveal query was asked to either U or its partner, then the undefined symbol ⊥ is returned. Otherwise, the session key of instance U is returned if b = 1, or a random key of the same size if b = 0.
Consider an execution of a password-authenticated key agreement protocol P in the presence of an adversary A with access to the Execute, Send and Test oracles, which outputs a guess bit b'. The adversary's advantage in winning the semantic security game in the Real-Or-Random (RoR) sense, by guessing the correct b' = b, is denoted by Adv^RoR_{D,P}(t, R) and defined as follows [21]:
P offers RoR semantic security if:
where ε(.) is a negligible function.

C. ESEAP PROTOCOL
We give a brief description of ESEAP [18] in this section. It is a mutual authentication and key agreement protocol between a user and a server over a public channel. The protocol includes several phases: initialization, registration, login and key agreement, password change, revocation and re-registration.
In the initialization phase of the scheme, S chooses a random number x as its secret key, an elliptic curve E(F_q) with a generator g of the group G, and a hash function h(.).
In the next phase, the user U is registered with the server S over a secure channel as follows: 1) The user U chooses a password PW_U and an identifier ID_U, generates a random integer a ∈ Z*_q, calculates PWU = h(ID_U‖PW_U‖a) and sends the registration message to S. 3) After receiving the message, U calculates P_1 = a ⊕ h(ID_U‖PW_U), P_2 = h(PWU‖P_1) and P_3 = a ⊕ ID_U ⊕ c, deletes c from SC and stores {P_1, P_2, P_3} in SC. Assuming that U has registered with S successfully, the login and authentication phase of ESEAP, over a public channel, is as follows: 1) The user U inserts its SC into the card reader along with its ID_U and PW_U. 2) SC calculates a* = P_1 ⊕ h(ID_U‖PW_U) and PWU* = h(ID_U‖PW_U‖a*) and verifies whether P_2 =? h(PWU*‖P_1) to accept the login. Next, SC computes … If the check does not pass, S searches its User_List for a match for ID*_U. Then, S verifies the received TS_U1, computes …, and sends the message M_2 = {E_2, TS_S1} to U. 4) After receiving M_2, U verifies TS_S1 and computes …. At the end of this process, the shared session key is SK = SK_U = SK_S.
In the password change phase, U inserts SC along with its ID_U and PW_U into the card reader. SC computes a* = P_1 ⊕ h(ID_U‖PW_U) and PWU* = h(ID_U‖PW_U‖a*) and verifies whether P_2 =? h(PWU*‖P_1) to accept the login. Then, U chooses the new password PW^new_U and computes a new … The revocation phase of the protocol is very similar to the first two steps of the login and authentication phase. More precisely, on the user's side, … is calculated as in the login and authentication phase and the message {E_1, P_3, Revoke_Request, TS_Rev1} is sent to S. Next, S verifies TS_Rev1 and follows an approach similar to the login and authentication phase to authenticate U. Once U has been authenticated, S sets b to NULL and afterwards U cannot log in, because S assumes its SC has been breached or stolen.
The re-registration phase is the last phase of ESEAP, and is used if the registered account of U does not work properly. In this phase, U sends M_RR = {PWU, ID_U, TS_RR1} to S. Then, S verifies TS_RR1. If ID_U exists in the User_List, the previous SC is suspended and S follows the process of the registration phase.

III. SECURITY ANALYSIS OF ESEAP PROTOCOL
In this section, we review ESEAP in more depth. The attacks considered are those the designers explicitly claim security against, e.g. forward-secrecy attack and insider attack.

A. OFF-LINE PASSWORD GUESSING ATTACK
The designers claimed that even if the adversary A extracts the SC's data and eavesdrops on the messages transferred between U and S, she/he cannot guess the password efficiently.
Let us assume the user's password PW_U and identifier ID_U are drawn from finite sets S_1 and S_2 respectively, while a is a random value. In addition, following the designers' assumption, assume A has also extracted the content of SC, i.e. {P_1, P_2, P_3}. To do the off-line password guessing attack, A proceeds as follows: 1) For each candidate pair (ID'_U, PW'_U) ∈ S_2 × S_1, A computes a' = P_1 ⊕ h(ID'_U‖PW'_U) and PWU' = h(ID'_U‖PW'_U‖a'), and accepts the candidate if P_2 = h(PWU'‖P_1); this is exactly the check SC itself performs at login, so a wrong guess is filtered out and the correct one yields a, the user's password PW_U and identifier ID_U. 2) Given a, PW_U and ID_U, A retrieves …. Following the above attack, the adversary can determine the secret parameters, including the user's password PW_U and identifier ID_U, with complexity |S_1 × S_2|, independent of |a|, because a is derived from P_1 rather than searched.

B. SMART CARD LOSS ATTACK
The designers claimed that, since it is not possible to do an off-line password guessing attack, the adversary also cannot do an SC loss attack, assuming that A has stolen the SC and obtained its content. However, following the scenario given in subsection III-A, having the content of SC, A can determine the user's password PW_U and identifier ID_U, assuming that they have been selected from finite sets. Hence, similarly to the attack explained there, assuming that A has stolen U's SC, she/he can retrieve all the parameters playing an important role in the protocol, i.e. ID_U, PW_U, PWU, B_1, c, b, C_1, C_2 and K_U1 = h(ID_U‖a‖P_3), as shown in subsection III-A. All these retrieved parameters are constant values as long as the user has not participated in a new registration or password change phase.

C. USER'S ANONYMITY
If the adversary can link two sessions in which the user U has participated with non-negligible probability, the protocol is a target for user traceability, and if a user can be traced then its anonymity is compromised. In ESEAP, in each session, U sends P_3 = a ⊕ ID_U ⊕ c to S. Since P_3 is not updated from one session to the next, it is the source of traceability of a target U with high probability. It is worth noting that given two smart cards SC and SC' containing P_3 and P'_3, the probability that P_3 = P'_3 is 2^{-max(|a|,|b|)}. Hence, the success probability of linking two sessions in which SC is involved is 1 − 2^{-|a|}.

D. INSIDER ATTACK
Another attack that the designers claimed ESEAP is secure against is the insider attack. In this attack, we can assume that the server's administrator has access to any information related to the user that is stored at the server, to the registration request sent by the user to S in the registration phase, and to the messages sent by the user to S in the login and authentication phase; the insider attacker's target could be to retrieve PW_U. Under this assumption, the insider attacker has access to ID_U, b and c. On the other hand, P_3 is also transferred over the public channel to S. Hence, the insider attacker can determine a = P_3 ⊕ b. Given PWU = h(ID_U‖PW_U‖a), the only value unknown to the insider attacker is PW_U, which is selected from a finite set. Hence, she/he can try all possible values for PW_U and verify each candidate against PWU to filter out the wrong guesses. The complexity of determining PW_U is |S_1|, which is expected to be small. Therefore, ESEAP suffers from insider attack.
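The two guessing attacks above (the card-content attack of subsections III-A/III-B and the insider attack of III-D) can be reproduced against a model of the ESEAP card values P_1, P_2, P_3 defined in subsection II-C. The following is an added example written for this page, not the paper's or the ESEAP designers' code. It assumes h(.) is SHA-256 truncated to 160 bits (the paper's own choice in section VI-A), models '‖' by joining fields with a separator, and pads ID_U and c to 20 bytes so that the XORs a ⊕ h(ID_U‖PW_U) and a ⊕ ID_U ⊕ c are well defined; the dictionary and credentials are constructed.

```python
import hashlib
import secrets

WIDTH = 20  # 160-bit h(.) output, so XOR operands are 20 bytes (assumption)


def h(*parts: bytes) -> bytes:
    """h(.): SHA-256 truncated to 160 bits; '||' modelled as a b'||' join."""
    return hashlib.sha256(b"||".join(parts)).digest()[:WIDTH]


def xor(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))


def pad(s: str) -> bytes:
    """Identifiers are padded to WIDTH bytes so they can be XORed (assumption)."""
    return s.encode().ljust(WIDTH, b"\x00")


def eseap_register(id_u: str, pw_u: str, c: bytes):
    """Build the ESEAP card contents {P1, P2, P3} and the server-side view.
    c is chosen by S during registration; the paper's relation a = P3 ⊕ b
    (subsection III-D) means b = ID_U ⊕ c, which is what is stored here."""
    a = secrets.token_bytes(WIDTH)                # random a, as in the protocol
    pwu = h(pad(id_u), pw_u.encode(), a)          # PWU = h(ID_U || PW_U || a)
    p1 = xor(a, h(pad(id_u), pw_u.encode()))      # P1  = a ⊕ h(ID_U || PW_U)
    p2 = h(pwu, p1)                               # P2  = h(PWU || P1)
    p3 = xor(xor(a, pad(id_u)), c)                # P3  = a ⊕ ID_U ⊕ c
    card = {"P1": p1, "P2": p2, "P3": p3}
    server = {"ID_U": id_u, "PWU": pwu, "c": c, "b": xor(pad(id_u), c)}
    return card, server


def offline_guess(card, id_space, pw_space):
    """Subsections III-A/III-B: A holds {P1, P2, P3} and tries every (ID, PW) pair.
    a is derived from P1 for each guess, so the work is |S1|·|S2| regardless of |a|.
    Returns (ID_U, PW_U, a) on success, None if the dictionary misses."""
    for id_g in id_space:
        for pw_g in pw_space:
            a_g = xor(card["P1"], h(pad(id_g), pw_g.encode()))   # a* = P1 ⊕ h(ID||PW)
            pwu_g = h(pad(id_g), pw_g.encode(), a_g)             # PWU* = h(ID||PW||a*)
            if h(pwu_g, card["P1"]) == card["P2"]:               # the card's login check
                return id_g, pw_g, a_g
    return None


def insider_guess(server, p3, pw_space):
    """Subsection III-D: the insider knows ID_U, b and PWU and sees P3 on the
    public channel, so a = P3 ⊕ b and only the password space S1 is searched.
    Returns (PW_U, a) on success, None if the dictionary misses."""
    a = xor(p3, server["b"])
    for pw_g in pw_space:
        if h(pad(server["ID_U"]), pw_g.encode(), a) == server["PWU"]:
            return pw_g, a
    return None


def demo():
    """Constructed dictionary and credentials; both attacks recover the same a."""
    ids = ["alice", "bob", "carol"]
    pws = ["123456", "qwerty", "letmein", "Pa55word"]
    c = secrets.token_bytes(WIDTH)
    card, server = eseap_register("bob", "letmein", c)
    found = offline_guess(card, ids, pws)
    ins = insider_guess(server, card["P3"], pws)
    return {"offline": found, "insider": ins,
            "same_a": found is not None and ins is not None and found[2] == ins[1]}


if __name__ == "__main__":
    print(demo())
```

The check in `offline_guess` is the card's own login test P_2 =? h(PWU*‖P_1), so no interaction with the server is needed and the search cannot be rate limited; this is what makes the attack off-line. The insider variant shows why knowing the server-side values collapses the search to |S_1|.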

E. USER IMPERSONATION ATTACK
To impersonate U, the adversary does as follows: 1) Assume A has obtained SC by stealing it and has also retrieved ID_U and PW_U following the attacks described in subsections III-A, III-B or III-D. … =? h(PWU*‖P_1) and accepts the login. It then computes …, generates a random number u ∈ Z*_q, calculates E_1 = Es_{K_U1}(P_3, ID_U, C_1, C_2, u·g, N, TS_U1) and sends the message {E_1, P_3} to S. 4) Next, S computes K_S1 = h(ID_U‖P_3 ⊕ b‖P_3), (P_3, ID_U, C_1, C_2, u·g, N, TS_U1) = Ds_{K_U1}(E_1) and checks P_3. It also verifies the received TS_U1, computes B_1 = h(ID_U‖x‖c‖b), verifies N and authenticates A as the legitimate U. Then, S calculates … h(b‖N‖B_1‖B_2) and E_2 = Es_{K_S2}(ID_S1, s·g, V, B_2), and sends the message … to U. A then computes ID_S = ID_S1 ⊕ h((P_3 ⊕ a)‖N‖B_1‖B_2) and the session key SK_U = h(ID_U‖ID_S‖K_U2‖N·g‖u·s·g‖B_2‖TS_S1).
Following this attack, A impersonates U successfully and shares a session key with the server. Hence, this protocol does not provide security against user impersonation attack.

F. DESYNCHRONIZATION ATTACK
The designers argued that a desynchronization attack on ESEAP is not possible because no shared parameter is updated during the login and authentication phase. However, suppose the attacker A gets access to the user's SC and retrieves the secret parameters using the attacks given in subsections III-A or III-B; it can then participate in a later phase of the protocol, e.g. the password change phase, revocation phase or re-registration phase, to desynchronize the legitimate user from S. Hence, this protocol is not secure against desynchronization attack. It is worth noting that if the SC has not been replaced and the user comes to know that his/her SC is missing or lost, then he/she can go through the revocation phase as stated in ESEAP.

IV. RESEAP: REVISED VERSION OF ESEAP
To remedy ESEAP, we make some modifications to fix its security flaws. The revised protocol is called RESEAP for simplicity. In RESEAP, to simplify the protocol, we omit the last two phases of ESEAP, i.e. the revocation phase and the re-registration phase, but keep the sequence of the other phases identical to ESEAP. Besides, we equip each smart card with a secure and reliable Physical Unclonable Function PUF(.). A secure and reliable PUF(.) returns completely different responses PUF(C) and PUF(C') for different challenges C ≠ C', and returns the same response for the same challenge, however many times it is queried. In addition, different PUFs should return completely different responses for the same challenge. Although designing such a PUF is a challenging task, this research area has already made much progress [22]-[24]; it is out of the scope of this paper. We also use ECC and a one-way hash function in the proposed protocol. Following these modifications, the revised protocol is explained in the rest of this section.

A. INITIALIZATION PHASE
In the initialization phase of the scheme, S chooses an elliptic curve E(F_q) with a generator g of the group G, a hash function h(.), and a random number sk_S as its secret key, and computes its public key PK_S = sk_S·g. Next, S stores the system parameters, i.e. {E_q(c, d), q, g, h(.), Es(.), ID_S, PK_S}, in each SC, which has already been equipped with a secure and reliable PUF(.) in the factory.

B. REGISTRATION PHASE
In this phase, following Figure 1, U receives a fresh SC and is registered with the server S over a secure channel as follows: 1) The user U chooses a password PW_U and an identifier ID_U, generates a random integer a ∈ Z*_q, calculates PWU = h(PUF(ID_U‖PW_U) ⊕ a), PK_U = (PUF(ID_U‖PW_U) + a)·g and M = h(PK_U, ID_U, TS^reg_U), and sends the message {ID_U, PK_U, TS^reg_U, M} to S, where TS^reg_U is its current timestamp. 2) Next, S verifies the timestamp TS^reg_U and M to accept U's registration. It then generates a random integer b ∈ Z*_q, calculates K_U = h(b‖sk_S‖ID_U), adds the entry {ID_U, PK_U, K_U} to User_List and stores it in an encrypted database. Besides, S sends K_U to U to confirm the successful registration. 3) After receiving K_U, U sets Honey_List = 0 and stores {a, PWU, K_U, Honey_List} in the SC.

C. LOGIN AND AUTHENTICATION PHASE
After successful registration of U with S, the login and authentication phase of RESEAP, over a public channel, is as follows: 1) The user U inserts its SC into the card reader along with its ID_U and PW_U.

D. PASSWORD CHANGE PHASE
The password change phase is as follows: 1) The user U inserts its SC into the card reader along with its ID_U and PW_U.

V. SECURITY ANALYSIS OF RESEAP
Given that every user is registered over a secure channel and receives his/her SC securely, it suffices to evaluate the security of the other two phases, i.e. the login and authentication phase and the password change phase.

A. HEURISTIC SECURITY ANALYSIS
In this section, we show that RESEAP provides the desired security against the different attacks in the context, including the proposed attacks against ESEAP. Table 2 presents a summary of the security comparison of RESEAP versus ESEAP.

1) MUTUAL AUTHENTICATION
To accept U's login, S verifies whether M* … holds, where M_1 = (PUF(ID_U‖PW_U) + a)·r_U·PK_S, M_2 = (PUF(ID_U‖PW_U) + a)·r_U·g, PK_S = sk_S·g and PK_U = sk_U·g = (PUF(ID_U‖PW_U) + a)·g. After the following computations, if S receives the message correctly, it accepts the login request:

3) REPLAY ATTACK
In RESEAP, every session is refreshed by the random values r_U, r_S and the timestamps TS_U and TS_S, which are verified by U and S. Besides, the integrity of the timestamps and the other values is guaranteed by the one-way hash function. Hence, the adversary cannot replay a message belonging to a previous session without being detected. This shows that RESEAP provides security against replay attack.

4) IMPERSONATION ATTACK
To do an impersonation attack, the adversary should either do a replay attack or generate a valid message. However, following subsection V-A3, the adversary has no chance of doing a replay attack. Impersonation of S without the knowledge of sk_S and K_U is not feasible, because the adversary cannot generate a valid M_5; likewise, impersonation of U without the knowledge of sk_U and K_U is not feasible, because the adversary cannot generate a valid set of M_1, M_2, M_3 and M_4 without K_U and sk_U. Hence, RESEAP is secure against impersonation attack.

5) TRACEABILITY AND ANONYMITY
The messages transferred over the public channel in the proposed protocol are M_2, M_4, M_6, M_8 and M_9. Among them, M_4, M_8 and M_9 are produced using one-way hash functions and their inputs are randomized in each session, e.g. by the timestamp and the random numbers. Hence, the adversary cannot use them to trace the user or the server. On the other hand, M_4 = (TS_U‖ID_S‖ID_U‖M_3) ⊕ M_1, where M_1 = (PUF(ID_U‖PW_U) + a)·r_U·PK_S and r_U is a random value generated by U. Hence, assuming that the ECC used has enough security, the adversary cannot use M_4 to trace U or S. A similar argument holds for M_8. This shows that RESEAP is secure against traceability.

6) SECRET DISCLOSURE ATTACK
Given that M_4, M_8 and M_9 are produced using one-way hash functions, the adversary cannot extract any information from them. M_4 and M_8 are also masked by ECC values. Hence, the adversary cannot reveal any secret information from the messages transferred over the public channel.

7) DESYNCHRONIZATION ATTACK
In RESEAP, the protocol participants do not update their shared secrets. Hence, the adversary cannot desynchronize them.

8) PROVIDING MESSAGE CONFIDENTIALITY
In RESEAP, the session key is computed as SK = h(M_5‖TS_S‖TS_U‖ID_U‖ID_S‖K_U), where M_5 = sk_U·sk_S·r_S·r_U·g. It is clear that the adversary cannot extract the session key without solving EC-DLP or EC-CDHP.

9) SECURITY AGAINST COMPROMISED SMART CARD
Since the user's smart card can be stolen, we should assume that the adversary has access to the SC and can compromise it. By compromising the SC, the adversary gains access to its content, and her/his aim could be to impersonate the user or to compromise the security of previous session keys. The content of SC is {E_q(c, d), q, g, h(.), Es(.), ID_S, PK_S, a, PWU, K_U}. To impersonate the user or extract a previous session key, the adversary at least needs sk_U = PUF(ID_U‖PW_U) + a. However, the adversary has no access to the PUF(.) function, and after compromising the smart card PUF(.) cannot be reconstructed. In addition, the session key is calculated as SK_S = h(sk_U·sk_S·r_S·r_U·g‖TS_S‖TS_U‖ID_U‖ID_S‖K_U), and the adversary only has access to M_2 = sk_U·r_U·g and M_6 = sk_S·r_S·g.
However, to compute sk_U·sk_S·r_S·r_U·g from this information, the adversary would have to solve EC-DLP or EC-CDHP, which is not feasible in polynomial time. Hence, RESEAP is secure against attacks related to a compromised smart card.
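The key agreement argued in subsections V-A-8 and V-A-9 (and the ECC preliminaries of subsection II-A it rests on) can be exercised end to end. The following is an added example written for this page, not the paper's code. Its assumptions: the curve is secp256k1 (the paper only fixes E(F_q), g and a 320-bit point size, so any prime-order curve would do); PUF(.) is modelled as an HMAC keyed with a per-card secret that never leaves the card object, so a second card gives a different response to the same challenge; h(.) is SHA-256 truncated to 160 bits (section VI-A) over fields joined by a separator; and only the values the paper defines explicitly (M_1, M_2, M_5, M_6 and SK) are modelled, with the masked/hashed messages M_3, M_4, M_8, M_9 and the timestamp checks left out. The identifiers, password and timestamps are constructed. Requires Python 3.8+ for `pow(x, -1, p)`.

```python
import hashlib
import hmac
import secrets

# secp256k1 parameters: y^2 = x^3 + 7 over F_P, generator G of prime order N (assumption)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # the point at infinity


def ec_add(p1, p2):
    """Affine point addition (a = 0 for secp256k1, so the doubling slope is 3x^2 / 2y)."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p2 = -p1, including doubling a point with y = 0
        return O
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """k·point by double-and-add; recovering k from k·point is the EC-DLP of II-A."""
    k %= N
    acc, addend = O, point
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def h(*parts) -> bytes:
    """h(.): SHA-256 truncated to 160 bits; '||' modelled as a separator join."""
    data = b"||".join(p if isinstance(p, bytes) else repr(p).encode() for p in parts)
    return hashlib.sha256(data).digest()[:20]


def rand_scalar() -> int:
    return secrets.randbelow(N - 1) + 1


class SmartCard:
    """A card with an embedded PUF; _puf_key stands in for the physical uniqueness."""
    def __init__(self):
        self._puf_key = secrets.token_bytes(32)
        self.store = {}

    def puf(self, challenge: str) -> int:
        digest = hmac.new(self._puf_key, challenge.encode(), hashlib.sha256).digest()
        return int.from_bytes(digest, "big") % N


def register(card, id_u, pw_u, sk_s):
    """Registration (IV-B): the card keeps {a, PWU, K_U}, S keeps {ID_U, PK_U, K_U}."""
    a = rand_scalar()
    resp = card.puf(id_u + "||" + pw_u)        # PUF(ID_U || PW_U)
    pwu = h(resp ^ a)                          # PWU  = h(PUF(ID_U||PW_U) ⊕ a)
    pk_u = ec_mul(resp + a, G)                 # PK_U = (PUF(ID_U||PW_U) + a)·g
    k_u = h(rand_scalar(), sk_s, id_u)         # K_U  = h(b || sk_S || ID_U)
    card.store = {"a": a, "PWU": pwu, "K_U": k_u, "Honey_List": 0}
    return {"ID_U": id_u, "PK_U": pk_u, "K_U": k_u}


def key_agreement(card, id_u, pw_u, entry, sk_s, id_s, ts_u, ts_s):
    """ECDH core of the login phase: both sides reach M_5 = sk_U·sk_S·r_S·r_U·g."""
    pk_s = ec_mul(sk_s, G)
    sk_u = card.puf(id_u + "||" + pw_u) + card.store["a"]   # sk_U needs the card's PUF
    r_u = rand_scalar()
    m1_user = ec_mul(sk_u * r_u, pk_s)         # M_1 = sk_U·r_U·PK_S, the mask of M_4
    m2 = ec_mul(sk_u * r_u, G)                 # M_2 = sk_U·r_U·g, sent to S
    m1_server = ec_mul(sk_s, m2)               # S recovers M_1 as sk_S·M_2 to unmask M_4
    r_s = rand_scalar()
    m6 = ec_mul(sk_s * r_s, G)                 # M_6 = sk_S·r_S·g, sent to U
    sk_server = h(ec_mul(sk_s * r_s, m2), ts_s, ts_u, id_u, id_s, entry["K_U"])
    sk_user = h(ec_mul(sk_u * r_u, m6), ts_s, ts_u, id_u, id_s, card.store["K_U"])
    return {"SK_U": sk_user, "SK_S": sk_server, "M1_user": m1_user,
            "M1_server": m1_server, "M2": m2, "M6": m6}


def clone_matches(card, id_u, pw_u, entry):
    """V-A-9: copying {a, PWU, K_U} onto another card (another PUF) with the correct
    ID_U and PW_U still yields a different sk_U, so the clone's key does not match PK_U."""
    clone = SmartCard()
    clone.store = dict(card.store)
    return ec_mul(clone.puf(id_u + "||" + pw_u) + clone.store["a"], G) == entry["PK_U"]


def demo():
    card, sk_s = SmartCard(), rand_scalar()
    entry = register(card, "alice", "correct horse", sk_s)
    out = key_agreement(card, "alice", "correct horse", entry, sk_s, "srv-1", 1700000000, 1700000001)
    out["clone_passes"] = clone_matches(card, "alice", "correct horse", entry)
    return out


if __name__ == "__main__":
    r = demo()
    print("keys agree:", r["SK_U"] == r["SK_S"], "clone accepted:", r["clone_passes"])
```

An eavesdropper sees M_2 and M_6 but neither sk_U·r_U nor sk_S·r_S, so reaching M_5 is the EC-CDHP instance of subsection II-A; the `clone_matches` check is the paper's smart-card-loss argument in executable form and holds only under the stated assumption that the adversary cannot evaluate the original card's PUF on chosen inputs.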

10) INSIDER ATTACK
An insider adversary has access to the content of the SC issued by S, i.e. {E_q(c, d), q, g, h(.), ID_S, PK_S}, and to the messages transferred from U during the registration phase or later, i.e. ID_U, PWU, M_2, M_4, M_9 and also the extracted TS_U‖ID_S‖ID_U‖M_3. However, to extract the user's password, it would have to overcome the embedded PUF(.), which is not feasible. Hence, the proposed protocol is secure against insider attack. It is worth noting that even having sk_S does not help the adversary to recover the user's password in polynomial time.

11) PASSWORD GUESSING
If the insider attacker cannot guess the user's password, then any other adversary, which has less access, will not be able to recover the user's password either.

B. FORMAL SECURITY ANALYSIS IN RoR MODEL
In this section, following [20], [21], we formally prove the semantic security of RESEAP in the real-or-random (RoR) model.
Theorem 1: Let PUF and h(.) be a secure and reliable PUF and a secure hash function respectively, and let q_exe, q_send and q_test represent the number of queries to the Execute, Send and Test oracles on RESEAP, respectively. Then:
Adv^RoR_{D,RESEAP}(t; q_exe; q_test; q_send) ≤ 4·q·ε_h + 4·q·ε_ECC + q·ε_PUF,
where ε_ECC denotes the maximum advantage of the adversary in solving EC-DLP or EC-CDHP on each query, ε_h denotes the maximum advantage in contradicting the collision resistance of h(.), ε_PUF denotes the maximum advantage in contradicting the indistinguishability property of the PUF on each query, and q = q_exe + q_test + q_send.
Proof: We assume U is communicating with S to share a session key and that A is an adversary against the semantic security of RESEAP in the real-or-random model. Similarly to [21], we define a series of games G_n, starting with the random world Ran and ending with the real world RESEAP, denoted Real. In each game G_n, we determine Adv^{RoR-G_n}_{D,P}(t, R) as A's advantage in guessing the hidden bit b involved in the Test queries of the RoR model. It should be noted that, in order to rule out trivial advantages, throughout the proof we assume that the structure of the transferred messages, e.g. the block size, is identical in the Ran and Real worlds.
Game G_0. This game exactly defines Ran, and Adv^{RoR-G_0}_{D,P}(t, R) = 0.
Game G_1. It is similar to G_0; the only difference is that M_2 and M_6 are replaced with real ECC point multiplications, M_2 = (PUF(ID_U‖PW_U) + a)·r_U·g and M_6 = sk_S·r_S·g, where r_U and r_S are fresh nonces generated by U and S respectively. Hence, to distinguish this modification, the adversary would have to solve EC-DLP or EC-CDHP, which is expected to be hard. Following this argument:
Adv^{RoR-G_1}_{D,P}(t, R) ≤ Adv^{RoR-G_0}_{D,P}(t, R) + 4·q·ε_ECC.
Games G_2 to G_4. In these games the hash-based messages are replaced, one per game, with their real values. They are all randomized by the timestamp and, implicitly, by the random values generated in each session. Hence, to distinguish them from random strings, the adversary would have to defeat the hash function's security. Therefore:
Adv^{RoR-G_4}_{D,P}(t, R) ≤ Adv^{RoR-G_1}_{D,P}(t, R) + 3·q·ε_h.
Game G_5. Compared to G_4, in this game we use PUF(.) to compute sk_U. Hence:
Adv^{RoR-G_5}_{D,P}(t, R) ≤ Adv^{RoR-G_4}_{D,P}(t, R) + q·ε_PUF.
Game G_6. This game is similar to G_5; the only difference is that the session key is calculated using the hash function as h(M_5‖TS*_S‖TS_U‖ID_U‖ID_S‖K_U). Since the input string of the hash function is randomized by the timestamp and, implicitly, by the random values generated in each session:
Adv^{RoR-G_6}_{D,P}(t, R) ≤ Adv^{RoR-G_5}_{D,P}(t, R) + q·ε_h,
where q = q_exe + q_send + q_test. G_6 exactly represents the implementation of RESEAP, so summing the game transitions we conclude that:
Adv^RoR_{D,RESEAP}(t; q_exe; q_test; q_send) = Adv^{RoR-G_6}_{D,P}(t, R) ≤ 4·q·ε_h + 4·q·ε_ECC + q·ε_PUF.
This completes the proof.

VI. PERFORMANCE EVALUATION A. SIMULATION METRICS
To provide a fair security comparison between RESEAP and other related protocols, through our analysis, bit lengths of timestamp, random number, identifier, hash value and ECC point are respectively considered as 32, 128, 128, 160 and 320 bits. It should be noted that we are considering SHA-256 as one-way hash function but truncating its output to 160-bit. The reason is the recently reported security concerns of SHA-1 [25].
To compute the energy consumption of a scheme, we use the known relation $E_c = V \cdot I \cdot T_C$, in which $E_c$ is the energy consumed during the computation time $T_C$, assuming $I$ is the consumed current and $V$ is the working voltage of the device.

B. RESULTS
The user side of ESEAP requires computational modules for ECC, a hash function and symmetric encryption/decryption. On the other hand, in RESEAP the user does not need symmetric encryption/decryption, but it should support a PUF. Given that a PUF is hardware friendly, we can assume that the hardware resources required for RESEAP and ESEAP are almost similar. However, the server of ESEAP requires computational modules for ECC, a hash function and symmetric encryption/decryption, while the server of RESEAP only needs ECC and a hash function. In terms of computation, the user of ESEAP performs 12 calls to the hash function ($T_h$), 2 calls to the symmetric cipher ($T_{Es}$) and 3 ECC point multiplications ($T_{ECC}$), i.e. $12T_h + 2T_{Es} + 3T_{ECC}$, and its server performs $9T_h + 2T_{Es} + 3T_{ECC}$. The user of RESEAP performs one PUF invocation ($T_{PUF}$), 5 calls to the hash function and 3 ECC point multiplications, i.e. $T_{PUF} + 5T_h + 3T_{ECC}$, and its server performs $5T_h + 3T_{ECC}$. This comparison shows that RESEAP is more efficient than ESEAP in terms of computational complexity. A comparison between the computational complexity of RESEAP and related protocols is presented in Table 3. For the experimental evaluation, we used an Arduino UNO R3 board with an ATmega328P microcontroller for each client. On this platform we achieved $T_{ECC} \approx 21$ ms, $T_{ECC} \approx 26$ ms, $T_h \approx 3$ ms for SHA-256 and $T_{Es} = 3.7$ ms. We also considered the time of a PUF invocation ($T_{PUF}$) equal to $T_h$. Following this experiment, the execution times on the user side for ESEAP and RESEAP are respectively 106.4 ms and 81 ms, and on the server side they are respectively 97.4 ms and 78 ms. This shows that RESEAP is much faster than ESEAP on this platform: almost 24% on the user side, almost 20% on the server side and 22% for the whole session.
It should be noted that in ESEAP each call to symmetric encryption/decryption requires more than one call to the block cipher, because the input message is much larger than the block length. If this is taken into account, the computational cost of ESEAP will be even higher.
Based on the parameter settings given in Subsection VI-A, the communication cost of RESEAP for $M_2$, $M_4$, $M_6$ and $M_8$ will be 320 bits and the cost of $M_9$ will be 160 bits. On the other hand, the communication cost of ESEAP for $P_3$ and $E_1$ is 64 bits and 928 bits respectively, and its cost for $TS$ and $E_2$ is 32 bits and 704 bits respectively. This shows that the communication cost of RESEAP is less than that of ESEAP. It is worth noting that $E_1$ and $E_2$ are computed using symmetric encryption and their length should be at least that of the encrypted values; hence, the bit lengths of $E_1$ and $E_2$ are taken equal to the bit lengths of their input values. Based on Table 3 and also Figure 3, RESEAP requires less cost than ESEAP in different aspects.
According to the ATmega328P datasheet [26], the maximum power, i.e. $(V \cdot I)$, of the ATmega328P is less than 14 mA × 5.5 V = 77 mW. Following this, the comparison of the energy consumption of RESEAP and ESEAP is provided in Table 3.
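The cost model below re-derives the execution-time, communication-cost and energy figures of this section from the operation counts, ATmega328P timings, bit lengths and datasheet power bound stated above; it is an added example, not code from the paper, and it reads $M_2$, $M_4$, $M_6$ and $M_8$ as 320 bits each and counts $E_1$/$E_2$ at their plaintext length, as the text does.

```python
"""Re-derivation of the Section VI cost comparison between ESEAP and RESEAP.

Added example, not code from the paper. All inputs are the paper's own
figures: per-operation timings on the Arduino UNO R3 (ATmega328P),
per-party operation counts, message bit lengths and the datasheet
power bound. The energy values are this script's own arithmetic.
"""

# Measured per-operation times in ms (Section VI-B); T_PUF is taken equal to T_h as in the paper.
T_MS = {"h": 3.0, "Es": 3.7, "ECC": 21.0, "PUF": 3.0}

# Operation counts per party, as stated in the text.
OPS = {
    "ESEAP":  {"user": {"h": 12, "Es": 2, "ECC": 3}, "server": {"h": 9, "Es": 2, "ECC": 3}},
    "RESEAP": {"user": {"PUF": 1, "h": 5, "ECC": 3}, "server": {"h": 5, "ECC": 3}},
}

# Message sizes in bits. M2/M4/M6/M8 are read as 320 bits each (the ECC point length);
# ESEAP's E1/E2 are counted at their plaintext length, as the paper does.
MSG_BITS = {
    "ESEAP":  {"P3": 64, "E1": 928, "TS": 32, "E2": 704},
    "RESEAP": {"M2": 320, "M4": 320, "M6": 320, "M8": 320, "M9": 160},
}

def exec_time_ms(scheme: str, party: str) -> float:
    """Execution time of one party: sum over operations of count * T_op."""
    return round(sum(n * T_MS[op] for op, n in OPS[scheme][party].items()), 3)

def session_time_ms(scheme: str) -> float:
    """User plus server time for one protocol run."""
    return round(exec_time_ms(scheme, "user") + exec_time_ms(scheme, "server"), 3)

def saving_percent(party: str) -> float:
    """Relative time saving of RESEAP over ESEAP for 'user', 'server' or 'session'."""
    if party == "session":
        eseap, reseap = session_time_ms("ESEAP"), session_time_ms("RESEAP")
    else:
        eseap, reseap = exec_time_ms("ESEAP", party), exec_time_ms("RESEAP", party)
    return round(100.0 * (eseap - reseap) / eseap, 1)

def comm_cost_bits(scheme: str) -> int:
    """Total bits sent in one session."""
    return sum(MSG_BITS[scheme].values())

def energy_mj(scheme: str, party: str, voltage_v: float = 5.5, current_ma: float = 14.0) -> float:
    """Ec = V * I * Tc with the datasheet worst case (5.5 V, 14 mA = 77 mW), in millijoules."""
    power_mw = voltage_v * current_ma
    return round(power_mw * exec_time_ms(scheme, party) / 1000.0, 3)

if __name__ == "__main__":
    for scheme in ("ESEAP", "RESEAP"):
        for party in ("user", "server"):
            print(f"{scheme:7s} {party:6s} {exec_time_ms(scheme, party):6.1f} ms "
                  f"{energy_mj(scheme, party):6.3f} mJ")
        print(f"{scheme:7s} comm   {comm_cost_bits(scheme)} bits")
    print("saving user/server/session (%):",
          saving_percent("user"), saving_percent("server"), saving_percent("session"))
```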

VII. CONCLUSION
In this paper, we provided the first third-party security analysis of ESEAP, an ECC-based mutual authentication protocol using a smart card, which was proposed by Kumari et al. Our detailed security analysis of this protocol demonstrated several crucial flaws in it, including vulnerability to off-line password guessing attack, traceability attack and desynchronization attack. Besides, as a revised version, we proposed RESEAP, which provides better efficiency than ESEAP and has provable semantic security in the RoR model.
In ESEAP, to resist off-line password guessing attacks, the designers stored the hash image of the password, randomized by a nonce. They claimed that the nonce prevents this type of attack even if the password is selected from a finite set. However, given that the nonce is constant and stored in permanent memory, an adversary who has access to the hash image also has access to the nonce. Hence, this approach cannot provide the desired security. In this regard, future work could investigate our strategy against other protocols that may have used this approach. To overcome this problem, we have used a PUF, which the adversary cannot reconstruct.
MASOUMEH SAFKHANI received the Ph.D. degree in electrical engineering from the Iran University of Science and Technology, in 2012, with the security analysis of RFID protocols as her major field. She is currently an Assistant Professor with the Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran. She is the author/coauthor of over 50 technical articles in information security and cryptology in major international journals and conferences. Her current research interests include the security analysis of lightweight and ultra-lightweight protocols, targeting constrained environments, such as RFID, the IoT, VANET, and WSN.
NASOUR BAGHERI received the M.S. and Ph.D. degrees in electrical engineering from the Iran University of Science and Technology (IUST), Tehran, Iran, in 2002 and 2010, respectively. He is currently an Associate Professor with the Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran. He is also a part-time Researcher with the Institute for Research in Fundamental Sciences. He is the author of more than 100 articles in information security and cryptology. His research interests include cryptology, more precisely, the design and analysis of symmetric schemes, such as lightweight ciphers, e.g., block ciphers, hash functions, and authenticated encryption schemes, cryptographic protocols for constrained environments, such as RFID tags and IoT edge devices, and hardware security, e.g., the security of symmetric schemes against side-channel attacks, such as fault injection and power analysis.
SARU KUMARI received the Ph.D. degree in mathematics from Chaudhary Charan Singh University, Meerut, India, in 2012. She is currently an Assistant Professor with the Department of Mathematics, Chaudhary Charan Singh University. She has published more than 133 research articles in reputed international journals and conferences, including 115 publications in SCI-indexed journals. Her current research interests include information security and applied cryptography. She is a Technical Program Committee member for many international conferences. She has served as a Lead/Guest Editor of four special issues in SCI journals of Elsevier, Springer, and Wiley. She is on the Editorial Board for more than 12 journals of international repute, including seven SCI journals.
HAMIDREZA TAVAKOLI received the M.S. and Ph.D. degrees in electrical engineering from the Iran University of Science and Technology (IUST), Tehran, Iran, in 2002 and 2012, respectively. He is currently a Professor of Electrical Engineering with Hakim Sabzevari University, Sabzevar, Iran. His research interests include performance evaluation of wireless networks and network security.
SACHIN KUMAR (Member, IEEE) received the Ph.D. degree in computer science from CCS University, Meerut, in 2007. He has been working as a Professor with the Department of Computer Science and Engineering, Ajay Kumar Garg Engineering College (AKGEC), Ghaziabad, since October 2011. Prior to joining AKGEC, he worked with the Raj Kumar Goel Institute of Technology (RKGIT) Ghaziabad, the Krishna Institute of Engineering Technology (KIET), Ghaziabad, and CCS University, Meerut. He has more than 18 years of academic experience. He has guided four Ph.D. and ten M.Tech. students. He has published/presented several articles in journals/conferences of repute. He is the author/coauthor of three books of computer science.