Cryptanalysis and Improvement of User Authentication Scheme Based on Rabin Cryptosystem

With the emergence of various methods for user authentication, smartcards have appeared as a convenient method of authentication based on possession factor. Besides, Rabin Cryptosystem has the same security strength is seen in using factoring problems such as RSA. In 2016, Ranjan et al. introduced Rabin Cryptosystem based user authentication scheme. Rabin Cryptosystem calculates only square modulo in encryption, it is more efficient than the RSA. Furthermore, they insisted their scheme provides resistance of replay attack and denial of service attack, and mutual authentication. However, unfortunately, we discover that there are some vulnerabilities in Ranjan et al.'s scheme that might cause serious problems. In this paer, we briefly review a Ranjan et al.'s scheme and reveal the possibility of attacks to consider in the user authentication scheme like offline password guessing, user/server impersonation attacks. Also, their scheme does not support a user anonymity and a session key agreement process. Next, we describe our Rabin Cryptosystem based user authentication improvement; then, we demonstrate our proposed scheme shows more secure compared to Ranjan et al.'s scheme and more suitable to the real environment.