
Computers and Electrical Engineering 96 (2021) 107532


Lightweight batch authentication and privacy-preserving scheme for online education system

Jegadeesan Subramani, Ph.D (a,*), Tu N. Nguyen (b), Azees Maria, Ph.D (c), Arun Sekar Rajasekaran (c), Korhan Cengiz (d)

(a) Department of Electronics and Communication Engineering, M. Kumarasamy College of Engineering, Karur, Tamil Nadu, India
(b) Department of Computer Science, Purdue University Fort Wayne, Fort Wayne, IND 46805, United States of America
(c) Department of Electronics and Communication Engineering, GMR Institute of Technology, Rajam, Andhra Pradesh, India
(d) Department of Electrical and Electronics Engineering, Trakya University, Edirne 22030, Turkey

ARTICLE INFO

Keywords: Anonymous certificate; Anonymous signature; Batch authentication; Conditional privacy; Online education system

ABSTRACT

Nowadays, the online education system (OES) attracts learners to improve their knowledge and skills through learning flexibility and efficient assessment procedures. The learner can take courses and obtain a degree from a comfortable place, with no need to go to school or college. Physical verification in the traditional education system is replaced by a secure authentication process. Many schemes exist to provide authentication, but they suffer from an authentication burden due to high computational cost. In this work, two batch authentication schemes are introduced to validate multiple learners and a batch of messages/materials simultaneously instead of authenticating one after another. This reduces the authentication burden during the learner registration and message/material distribution process. The security and performance analysis sections show that the proposed scheme provides the essential security features with less computational cost than existing competitive schemes.


This paper is for special section VSI-spbd. Reviews processed and recommended for publication by Guest Editor Dr. Marimuthu Karuppiah.
* Corresponding author.
E-mail addresses: jegadeesans@rediffmail.com (J. Subramani), nguyent@pfw.edu (T.N. Nguyen), azeesmm@gmail.com (A. Maria), arunsekar.r@gmrit.edu.in (A.S. Rajasekaran), korhancengiz@trakya.edu.tr (K. Cengiz).

https://doi.org/10.1016/j.compeleceng.2021.107532
Received 9 January 2021; Received in revised form 7 March 2021; Accepted 1 October 2021
Available online 13 October 2021
0045-7906/© 2021 Elsevier Ltd. All rights reserved.

1. Introduction

In recent days, the OES [1] has attracted people to improve their knowledge and skills without affecting their regular work. The OES is changing the face of traditional classroom learning and making education more accessible. Learners do not need to visit a school or college; they can learn any course or obtain a degree from a comfortable place of their own. The main advantages of OES are: (i) Learners can access learning materials and submit the assigned work to the teacher at a time convenient to them. Learners may have other duties, and this lets them balance duties and education easily. (ii) Learners can review the lecture instantly according to their needs. (iii) Higher participation due to a comfortable speaking environment. (iv) The learner can spend more time thinking, which gives them more confidence. (v) It focuses fully on the learner's ideas or knowledge, not the physical language. (vi) Flexibility in learning time. (vii) Learners can learn any course conducted in any country from their comfortable places. The next process of OES is conducting examinations online. Learners may appear for the examination from a convenient location, with no need to travel. It also saves travelling expenses and, being a paperless process, the environment. The face-to-face physical verification of the traditional examination system is replaced by a proper authentication procedure. Many authentication procedures have been introduced to the OES and are used to verify the genuineness of the learner during the learning and examination period. This is achieved by using individual secret passwords [2], learners' behavioral characteristics [3], learners' objects, knowledge-based authentication [4], etc. But the OES raises many authentication challenges. It is very difficult to establish the genuineness of learners because of the absence of the physical interaction found in the traditional education system.
In the absence of physical verification, impersonation may occur in the OES, and academic activities are more vulnerable than in the traditional education system. To overcome the above-mentioned security threats and the authentication burden in the OES, a lightweight batch authentication and privacy-preserving scheme is proposed. The proposed scheme authenticates a batch of learners at once and is also used to authenticate received messages and the source of messages. The main advantage of the proposed scheme is that the validation time of learners and messages is greatly reduced, and it also provides conditional privacy to OES users.

1.1. Our contributions

The main objectives of the proposed lightweight batch authentication and privacy-preserving scheme are as follows.

• To ensure the integrity of received data, which is required for OES during the exchange of information between the learners and examiners.
• Propose a computationally efficient authentication method to authenticate the batch of requests/messages received from the online batch learners (OBL).
• Propose a lightweight online batch message/material (OBM) authentication method to authenticate the batch of messages/materials received from the examiner.
• To provide conditional privacy to OES users without revealing their actual identity in a resource-limited environment.

The remaining part of this paper is structured as follows. Section 2 presents the related works. The system setup and initialization are discussed in Section 3. The proposed OED activation key distribution is discussed in Section 4. Section 5 presents the proposed batch authentication scheme. The security strength of the proposed scheme is discussed in Section 6. The performance analysis of the proposed batch authentication is presented in Section 7. Finally, Section 8 concludes the proposed work.

2. Related works

Nowadays, the use of the Internet has increased considerably by providing a wide range of applications, such as teleconferencing, distributed data processing, e-learning, etc. [29,30]. Specifically, e-learning attracts more people to the education system, and they take more online courses to improve their knowledge. Educational institutions also support the OES instead of traditional education systems, due to its learning flexibility. Higher education institutions are increasing the use of information and communication technology (ICT) to meet the expectations of learners who need more experience than traditional classroom-based learning. Improving the trust and engagement of users in OES is very important, and OES provides users with both asynchronous and synchronous interactions. Asynchronous interaction allows users to communicate their information without the other user's participation, while synchronous interaction allows all users to interact at the same time [5].
The learning environment of many higher education institutions has moved online to engage their students. This may increase the understanding of ICT issues such as usability, security, and privacy of users. Commercially, many researchers are working towards storing important information securely, without any theft or mishandling of information. Hence, the institutions need to do cybersecurity risk assessment and provide the necessary technology and process arrangements. The current OES does not provide the essential security requirements [6]. This may lead to disagreeable situations such as fabricating the student's course assessments, providing undoubted fake identity, interruption of private discussions, modification of the date on submitted work, and gaining access to the student's personal data.
In Salimovna et al. [7], the authors introduced a new methodology using Public Key Infrastructure (PKI) models to provide
important security features in OES such as data integrity, data availability, user identification and validation, access control, user
privacy, non-repudiation, and timestamping. In conventional cryptography methods, the encryption and decryption of information are
done by using the generation and sharing of secret credentials. Shared secret credentials may be intercepted by adversaries and shared
information can be decrypted easily. In Fenu et al. [8], the authors raised concerns about data security and privacy-preservation issues
such as student behavior tracking and interruption of student personal data. Early identification and better understanding of the
security threats in OES help the users to improve their learning environments [9].
But the OES is affected by many security threats, and the OES stakeholders (teacher, learner, and database) face many security issues such as interruption, modification, interception, fabrication, and privacy issues [10]. To overcome these security threats, stakeholders need to be provided with security requirements such as data integrity, user privacy, legitimacy, and data availability. OES users claim that the existing platform does not provide secure authentication. Attackers may compromise the security policies of the OES during the implementation [11]. The main problem in the OES is the unethical behavior of stakeholders [12]. Many research papers have focused on the issues related to OES. In Allen and Seaman [13], the authors presented the security challenges of e-learning. In Hung et al. [14], the system conducts an auto-grading examination and publishes the results. It also generates the performance analysis report for a particular assessment. In Kumar and Kumar [15], the authors designed a new web-based OES by using a unique software tool. Many researchers have developed algorithms to provide the minimum security requirements for OES, such as authenticity, secrecy, anonymity, and integrity, without the interference of third parties.
In Rajendran et al. [16,17], the authors discussed a profile-based authentication technique based on user knowledge, in which user authentication depends on the user's personal and academic details. The schemes proposed in Boneh et al. [19–24] discuss solutions to the security threats in wireless communication and the OES, but they did not concentrate on the user authentication delay, message authentication delay, and user privacy.

3. System setup and initialization

The overall system model of the proposed scheme is shown in Fig. 1. It consists of three key elements, such as the network manager
(NM), the learner (Li) and the examiner (ej). All three elements are connected through the internet. The NM is a trusted administrative
authority that will provide registration to each OES user. All OES users must register their unique credential with the NM before
starting to use the OES. Upon completion of the successful registration process, NM will provide the identity card to each OES user.

3.1. Bilinear pairing

Let $G_1$, $G_2$ and $G_T$ be three multiplicative cyclic groups of prime order $p$. Let $g_1$ be the generator of $G_1$, $g_2$ be the generator of $G_2$ and $\psi$ be an isomorphism from $G_2$ to $G_1$ such that $\psi(g_2) = g_1$. Assume that $G_1$, $G_2$ and $G_T$ are equipped with a pairing. $e: G_1 \times G_2 \rightarrow G_T$ is a bilinear map and it should satisfy the following properties.

Bilinear: $e(g_1^x, g_2^y) = e(g_1, g_2)^{xy}$ for all $g_1 \in G_1$, $g_2 \in G_2$ and $x, y \in Z_q^*$, where $Z_q^* = [1, 2, \ldots, (q-1)]$.
Non-degeneracy: $e(g_1, g_2) \neq 1_{G_T}$.
Computability: There exists an efficient algorithm to compute the bilinear map $e: G_1 \times G_2 \rightarrow G_T$.

Fig. 1. Overall system model.

3.2. System initialization

First, the NM selects the random numbers $x, y \in Z_p^*$ as its master secret key. Second, the NM calculates the examiner and learner public keys by using the private keys of the examiner and the learner. Third, the NM selects its private key ($pr$) as $pr \in Z_p^*$ and calculates the public key ($pu$) as $pu = g_1^{pr+y}$. Fourth, the NM chooses the hash function $H : \{0, 1\}^* \rightarrow Z_p^*$. At last, the NM sets the system parameters and publishes them as $param = (H, e, pu, p, G_1, G_2, G_T, g_1, g_2)$.

3.3. Nomenclature

The nomenclature used in this paper is listed in Table 1.

3.4. Registration

Step 1: Once the learner $L_i$ has submitted the required documents to the NM, the NM selects its private key ($LPR_i$) as $LPR_i \in Z_q^*$ and calculates the public key ($LPU_i$) as $LPU_i = g_1^{L_i+\alpha}$. Next, $L_i$ needs to register the Online Education Device (OED) with the NM. The NM allocates the credential $cl_i = g_1^{x+y}$ and calculates the OED activation key $AK = g_1^{L_i+x+y+pr}$, which activates the OED to get the values of $LPR_i$ and $LPU_i$. Finally, the NM calculates the double encryption key $dek_i = cl_i * LPU_i$, used to find the OED activation key in the key distribution phase. Every learner has to use $AK$ and $cl$ to activate the OED.
Step 2: The NM provides an identity card $LID_i$ to each learner $L_i$ registered in the OES, where $LID_i = LPU_i^x * g_1^x$.
Step 3: To authenticate the batch of learners, the NM calculates the learners' batch authentication key $LBA_i$ for each learner, where $LBA_i = g_1^{pr+y+LPR_i}$. Also, to track the behavior of the learner, the NM calculates the learner tracking key as $LTK_i = g_1^{-pr-y}$.
Step 4: To preserve privacy and to validate the source of a message, the NM assigns AID-$L_i$ as the actual identity of the learner $L_i$ during its registration. Next, the NM generates a fake identity $FID_{L_i}$ for every registered $L_i$. To generate $FID_{L_i}$, the NM selects a random number $f_1$, where $f_1 \in Z_p^*$, and calculates $FID_{L_i} = g_1^{f_1+pr+y} \bmod p$. Also, the NM generates a fake identity for the examiner ($e_j$) as $FID_{e_j} = g_1^{m_1+pr+y} \bmod p$. Mapping between actual identity and fake identity is carried out only in the NM.
Step 5: The NM pre-stores the values $LPR_i$, $LPU_i$ and $F_i$ in the corresponding learner OED. Also, it issues the values $FID_{L_i}$, $LID_i$, $cl_i$ and $dek$ to the learner during the registration process, where $F_i$ is the learner's fingerprint.

Table 1. Nomenclature and descriptions.

| Symbol | Description |
|---|---|
| $G_1$, $G_2$ and $G_T$ | Multiplicative cyclic groups |
| $g_1$ and $g_2$ | Generator of $G_1$ and $G_2$ |
| $\psi$ | Isomorphism |
| NM | Network Manager |
| $x$, $y$ | The random number selected by NM to compute public keys |
| $cl_i$ | Secret credentials allotted by NM to the learner $i$ |
| $AK$ | Activation key |
| $pr$ | NM private key |
| $pu$ | NM public key |
| $H()$ | Collision-free one-way hash function |
| $L_i$ | Learner $i$ |
| $LPR_i$ and $LPU_i$ | Private and the public key of learner $i$ |
| $dek_i$ | Double encryption key |
| $LID_i$ | Identity of learner $i$ |
| $LBA_i$ | Learner batch authentication key |
| $LTK_i$ | Learner tracking key |
| $FID_{L_i}$ | Learner $i$ fake identity |
| $FID_{e_j}$ | Examiner $j$ fake identity |
| $F_i$ | Learner $i$ fingerprint |
| $epr_j$ and $epu_j$ | Private and the public key of the examiner $j$ |
| $eid_j$ | Identity examiner $j$ |
| $M_s$ | Secret message |
| $EXBA_j$ | Examiner batch authentication key |
| $ETK_i$ | Examiner tracking key |
| $CRB$ | Batch certificate |
| $sig$ | Batch signature |
| $C$ | Challenger |

Step 6: For the examiners' registration, $e_j$ needs to provide the fingerprint $T_i$ details to the NM. After that, the NM selects the private key ($epr_j$) as $epr_j \in Z_p^*$ and calculates the public key ($epu_j$) as $epu_j = g_1^{epr_j+x}$. It is used for the mutual authentication between $e_j$ and $L_i$.
Step 7: The NM calculates the examiners' batch authentication key ($EXBA_j$) for every $e_j$, where $EXBA_j = g_1^{pr+y}$.
Step 8: The NM provides the identity card $eid_j = epu_j^y \cdot g_1^y$ to $e_j$ during the registration.
Step 9: The NM keeps $(FID_{e_j}, \text{AID-}e_j, g_1^{y(1+epr_j)})$ in the tracking mechanism list, where AID-$e_j$ is the actual identity of $e_j$, which is assigned by the NM during the registration.

4. OED activation key distribution for user authentication

Once $L_i$ and $e_j$ are registered in the OES, the NM provides an OED to each learner. To communicate with other entities in the OES, the user must activate the OED. To get the activation key, the users transmit their identity in encrypted form using the NM public key. The NM uses its private key to decrypt the received information and calculates the secret message as $M_s = AK * cl_i * LPU_i$. Next, it transmits the encrypted secret message to the users. Finally, the user calculates the activation key by using the received secret message.
The extraction procedure of the OED activation key is given below,

$$AK = \frac{M_s}{dek_i} = \frac{AK * cl_i * LPU_i}{cl_i * LPU_i} = AK$$

After verifying the correctness of the credential and activation key, the OED will provide the values of $LPR_i$ and $LPU_i$ to users for communicating with other entities in the online education system. Otherwise, it is not possible for the user to activate the OED and to get the $LPR_i$ and $LPU_i$ values.

5. Batch authentication

In this section, a batch authentication scheme is proposed to validate the authenticity of the batch of learners and the batch of messages (source of message) based on the Vijayakumar et al. [18] scheme. The proposed work consists of two batch authentication schemes: online batch learner (OBL) authentication and online batch message (OBM) authentication. In the OBL scheme, a batch of learners sends requests to the examiner at the same time to learn and access the messages/materials online. Once the authentication process is completed for the batch of learners, the examiner sends the batch of messages/materials to the verified learners. Once the batch of messages/materials is received by the learners, they verify the source and integrity of the messages/materials with a very low authentication burden by using the OBM method. These kinds of protocols are well suited to resource-limited applications.

5.1. Learner’s authentication

In the OES, the $L_i$ needs to register for the available online courses of interest to learn and write the examination. Once the registration is completed, the examiner of the registered course needs to send the messages/materials to the $L_i$ for learning the course and for conducting the assessments. When the number of $L_i$ for a particular $e_j$ increases, the authentication burden on the $e_j$ may increase. This may lead to a delay in the $L_i$ authentication. In this work, an online batch learner's authentication scheme is proposed to validate multiple $L_i$ simultaneously. Hence, it takes very little time to authenticate the $L_i$. The function of the OBL method is given as follows.

Step 1: The learner $L_i$ selects the random number $r_i$ as a private key from the $n$ random numbers $r_1, r_2, \ldots r_n \in Z_N^*$. It calculates the learner's public key as $S_i = g_1^{r_i}$ for $i = 1, 2, 3, \ldots n$. The private keys for the batch of learners $1, 2, 3, \ldots B$ are $LPR_1, LPR_2, \ldots LPR_B$.
Step 2: To receive the message/learning materials from the $e_j$, every $L_i$ has to calculate $X_i = g_1^{-LPR_i+r_i}$ and $Y_i = LBA_i \cdot X_i$.
Step 3: Later, the $L_i$ calculates the value $Z_i = H(S_i \| Y_i)$ to maintain the integrity of $S_i$ and $Y_i$.
Step 4: The learner $L_i$ computes the tuple $\langle Y_i, S_i, Z_i \rangle$, after calculating $Y_i$.
Step 5: The tuples for the batch of learners $L_1, L_2, \ldots L_B$ are $\langle Y_1, S_1, Z_1, LTK_1 \rangle, \langle Y_2, S_2, Z_2, LTK_2 \rangle, \ldots \langle Y_B, S_B, Z_B, LTK_B \rangle$, respectively.
Step 6: To check the batch of tuples, first, the $e_j$ checks the integrity of $S_i$ and $Y_i$ from the tuples by calculating the value as in Step 3.
Step 7: Next, the $e_j$ combines $Y = \prod_{i=1}^{B} Y_i$ and $S = \prod_{i=1}^{B} S_i$.
Step 8: Finally, the $e_j$ checks the value $(EXBA_i)^B = \frac{Y}{S}$ to authenticate the batch of $L_i$. If the value is correct, then the $e_j$ sends the message/learning materials to the batch of $L_i$. Otherwise, it terminates the connection immediately.

Proof of correctness:

$$(EXBA_i)^B = \frac{Y}{S}$$

$$\begin{aligned}
\frac{Y}{S} &= \frac{\prod_{i=1}^{B} Y_i}{\prod_{i=1}^{B} S_i} \\
&= \frac{LBA_1 \cdot X_1 \cdot LBA_2 \cdot X_2 \ldots LBA_B \cdot X_B}{S_1 \cdot S_2 \ldots S_B} \\
&= \frac{g_1^{pr+y+LPR_1} \cdot g_1^{-LPR_1+r_1} \cdot g_1^{pr+y+LPR_2} \cdot g_1^{-LPR_2+r_2} \ldots g_1^{pr+y+LPR_B} \cdot g_1^{-LPR_B+r_B}}{g_1^{r_1} \cdot g_1^{r_2} \ldots g_1^{r_B}} \\
&= \frac{g_1^{pr+y+LPR_1-LPR_1+r_1+pr+y+LPR_2-LPR_2+r_2+\ldots+pr+y+LPR_B-LPR_B+r_B}}{g_1^{r_1+r_2+\ldots+r_B}} \\
&= g_1^{(pr+y+LPR_1-LPR_1+r_1+pr+y+LPR_2-LPR_2+r_2+\ldots+pr+y+LPR_B-LPR_B+r_B)-(r_1+r_2+\ldots+r_B)} \\
&= g_1^{(B*pr+B*y)} \\
&= g_1^{(pr+y)B} \\
&= \left(g_1^{(pr+y)}\right)^B \\
&= (EXBA_i)^B
\end{aligned}$$
Once the $L_i$'s are authenticated, the examiner will transmit the message/learning materials to the $L_i$'s. If any single $L_i$ is misbehaving, then the $e_j$ cannot find the value of $(EXBA_i)^B$ during the batch authentication time. To identify the misbehaving $L_i$ from the batch of tuples, the $e_j$ checks the value $S_i = Y_i \cdot LTK_i$. If the $L_i$ satisfies the condition, then he/she can continue in the OES. Otherwise, he/she will be removed from the system immediately by the NM. Once the batch authentication process is completed, the $e_j$ can send a batch of information continuously to the batch of $L_i$. The $L_i$ can use the online batch message/material authentication scheme to check the $e_j$ and the integrity of the received information.
Proof of correctness:

$$\begin{aligned}
S_i &= Y_i \cdot LTK_i \\
&= LBA_i \cdot X_i \cdot LTK_i \\
&= g_1^{pr+y+LPR_i} \cdot g_1^{-LPR_i+r_i} \cdot g_1^{-pr-y} \\
&= g_1^{r_i} = S_i
\end{aligned}$$
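The OBL steps and the per-learner fallback check above, as an added example that is not code from the paper: a toy run in Python that builds the tuples, performs the batch check $(EXBA)^B = Y/S$, and isolates a misbehaving learner with $S_i = Y_i \cdot LTK_i$. Assumptions: the integers modulo the Mersenne prime $2^{127}-1$ with base 3 stand in for the pairing group $G_1$, $H$ is SHA-256 reduced modulo that prime, and every function and class name is hypothetical.

```python
import hashlib
import secrets

# Assumption: a toy group replaces the pairing group G1 of the paper.
# Z_p^* for the Mersenne prime p = 2^127 - 1; exponents are reduced mod p - 1.
P = 2**127 - 1
ORDER = P - 1
G1 = 3


def g_pow(e):
    """g1^e in the toy group; negative exponents are reduced mod the order."""
    return pow(G1, e % ORDER, P)


def rand_exp():
    """Random non-zero exponent."""
    return secrets.randbelow(ORDER - 1) + 1


def H(*parts):
    """Hash to an integer mod p (assumption: SHA-256 over '|'-joined decimals)."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P


class NetworkManager:
    """Holds pr and y and derives the registration values of Section 3.4."""

    def __init__(self):
        self.pr, self.y = rand_exp(), rand_exp()
        self.exba = g_pow(self.pr + self.y)        # EXBA_j = g1^(pr+y)
        self.ltk = g_pow(-self.pr - self.y)        # LTK_i  = g1^(-pr-y)

    def register_learner(self):
        lpr = rand_exp()                            # LPR_i
        lba = g_pow(self.pr + self.y + lpr)         # LBA_i = g1^(pr+y+LPR_i)
        return {"LPR": lpr, "LBA": lba, "LTK": self.ltk}


def learner_tuple(cred, lpr_used=None):
    """Steps 1-5: build <Y_i, S_i, Z_i, LTK_i>. lpr_used lets the demo model a
    learner whose private key does not match the LBA_i issued by the NM."""
    lpr = cred["LPR"] if lpr_used is None else lpr_used
    r = rand_exp()                                  # one-time r_i
    S = g_pow(r)                                    # S_i = g1^(r_i)
    X = g_pow(r - lpr)                              # X_i = g1^(-LPR_i + r_i)
    Y = cred["LBA"] * X % P                         # Y_i = LBA_i . X_i
    return {"Y": Y, "S": S, "Z": H(S, Y), "LTK": cred["LTK"]}


def integrity_ok(t):
    """Step 6: recompute Z_i = H(S_i || Y_i)."""
    return t["Z"] == H(t["S"], t["Y"])


def batch_verify(exba, tuples):
    """Steps 6-8: accept the batch iff every Z_i matches and EXBA^B = Y / S."""
    if not all(integrity_ok(t) for t in tuples):
        return False
    Y = S = 1
    for t in tuples:
        Y = Y * t["Y"] % P
        S = S * t["S"] % P
    return pow(exba, len(tuples), P) == Y * pow(S, -1, P) % P


def find_misbehaving(tuples):
    """Fallback after a failed batch: indices where S_i != Y_i . LTK_i."""
    return [i for i, t in enumerate(tuples)
            if not integrity_ok(t) or t["S"] != t["Y"] * t["LTK"] % P]


def demo(batch_size=5, bad_index=2):
    nm = NetworkManager()
    creds = [nm.register_learner() for _ in range(batch_size)]
    honest = [learner_tuple(c) for c in creds]
    mixed = list(honest)
    # Constructed failure case: one learner uses a key that is off by one.
    mixed[bad_index] = learner_tuple(creds[bad_index],
                                     lpr_used=creds[bad_index]["LPR"] + 1)
    return (batch_verify(nm.exba, honest),
            batch_verify(nm.exba, mixed),
            find_misbehaving(mixed))


if __name__ == "__main__":
    print(demo())   # (True, False, [2])
```

The batch check costs one exponentiation and one inversion regardless of batch size, while the fallback costs one multiplication per tuple and is only needed when the batch is rejected.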

5.2. Messages/materials authentication

The messages/materials authentication protocol helps the $e_j$ to send a batch of messages/materials to the valid $L_i$ in the OES instead of sending them one by one. If the $e_j$ wants to send a batch of messages/materials to the $L_i$ at once, then he/she needs to calculate the anonymous signature and certificate as follows.

Step 1: The $e_j$ selects the random number $k_i$ as the one-time private key from the $N$ random numbers $k_i \in Z_n^*$. Also, it calculates $epu_j$ as the corresponding public key, where $epu_j = g_1^{k_i-epr_j}$.
Step 2: The $e_j$ needs to generate the batch certificate for the calculated $epu_j$ as follows,

• First, the $e_j$ selects the random numbers $n_1, n_2 \in Z_p^*$ and calculates the values of $a_1$ and $a_2$, where $a_1 = g_1^{n_2+epr_j}$ and $a_2 = g_1^{n_1+k_i}$.
• Next, the $e_j$ calculates the challenger $C = H(epu_j \| a_1 \| a_2)$ and also calculates $b_1$ and $b_2$, where $b_1 = g_1^{n_2-n_1}$ and $b_2 = \frac{1}{g_1^{-n_1-epr_j}}$.
• Finally, the $e_j$ calculates the batch certificate as $CRB = \{epu_j \| b_1 \| b_2 \| C\}$.

To maintain the integrity of information, the $e_j$ calculates the batch signature as $sig = g_2^{\frac{1}{k_i-epr_j+H(m_1 \| m_2 \| \ldots \| m_g)}}$ and sends the information as $M = (m_1 \| m_2 \| \ldots \| m_g \| sig \| epu_j \| T \| CRB)$, where $T$ is the timestamp.

Step 3: After receiving the information, the $L_i$ can validate the integrity and source of the message as follows,

The $L_i$ first checks the freshness of $T$; if it holds, then $L_i$ accepts the information. Next, $L_i$ calculates $c_1 = b_1 \times b_2$ and $c_2 = b_2 \times epu_j$, then $L_i$ verifies the challenger $C = H(epu_j \| c_1 \| c_2)$. If it is correct, then $e_j$ and $CRB$ satisfy the verification process. Therefore, the $e_j$ is authenticated successfully by the learner $L_i$.
Proof of correctness:

$$\begin{aligned}
c_1 &= b_1 \times b_2 \\
&= g_1^{n_2-n_1} \times \frac{1}{g_1^{-n_1-epr_j}} \\
&= g_1^{n_2-n_1+n_1+epr_j} \\
&= g_1^{n_2+epr_j} = a_1.
\end{aligned}$$

$$\begin{aligned}
c_2 &= b_2 \times epu_j \\
&= \frac{1}{g_1^{-n_1-epr_j}} \times g_1^{k_i-epr_j} \\
&= g_1^{n_1+epr_j+k_i-epr_j} \\
&= g_1^{n_1+k_i} = a_2.
\end{aligned}$$

Step 4: After the verification of the batch certificate, the $L_i$ can verify the integrity of the received messages as follows,

$e\left(e_j \cdot g_1^{H(m_1 \| m_2 \| \ldots \| m_g)}, sig\right) = e(g_1, g_2)$. If this criterion is fulfilled, then the message/materials are accepted by the $L_i$. Otherwise, the $L_i$ would deny the message/materials received.
Proof of correctness:

$$\begin{aligned}
e\left(e_j \cdot g_1^{H(m_1 \| m_2 \| \ldots \| m_g)}, sig\right) &= e\left(g_1^{k_i-epr_j} \cdot g_1^{H(m_1 \| m_2 \| \ldots \| m_g)},\; g_2^{\frac{1}{k_i-epr_j+H(m_1 \| m_2 \| \ldots \| m_g)}}\right) \\
&= e\left(g_1^{k_i-epr_j+H(m_1 \| m_2 \| \ldots \| m_g)},\; g_2^{\frac{1}{k_i-epr_j+H(m_1 \| m_2 \| \ldots \| m_g)}}\right) \\
&= e(g_1, g_2) \quad \text{(by the bilinear property)}.
\end{aligned}$$


If the message/material received from the $eid_j$ is disputed, then the actual identity of the $e_j$ can be tracked by the NM efficiently and the NM revokes the particular $e_j$ from the OES system.

$$eid_j = epu_j^y \cdot g_1^y$$

The NM uses its master key $y$ and the public key ($epu_j$) of examiner $e_j$ for computing the private key of $e_j$ to trace the actual identity AID-$e_j$ from the tracking list $(\text{AID-}e_j, g_1^{y(1+epr_j)})$.

$$\frac{eid_j}{g_1^{x \cdot y}} = \frac{epu_j^y \cdot g_1^y}{g_1^{x \cdot y}} = \frac{g_1^{(y \cdot epr_j)+(x \cdot y)} \cdot g_1^y}{g_1^{x \cdot y}} = g_1^{y(1+epr_j)}$$
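The batch certificate of Steps 2 and 3, as an added example that is not code from the paper: the examiner side builds $CRB$ and the learner side checks the timestamp and recomputes the challenger from $c_1 = b_1 \times b_2$ and $c_2 = b_2 \times epu_j$, as in the proof of correctness. Assumptions: the integers modulo $2^{127}-1$ with base 3 stand in for $G_1$, $H$ is SHA-256 reduced modulo that prime, the 30-second freshness window and all function names are hypothetical, and the pairing-based signature check of Step 4 is left out because it needs a pairing library.

```python
import hashlib
import secrets

# Assumption: toy group in place of G1 (Z_p^* for p = 2^127 - 1, base 3).
P = 2**127 - 1
ORDER = P - 1
G1 = 3
MAX_AGE = 30      # assumed freshness window for the timestamp T, in seconds


def g_pow(e):
    """g1^e in the toy group; exponents are reduced mod the group order."""
    return pow(G1, e % ORDER, P)


def rand_exp():
    return secrets.randbelow(ORDER - 1) + 1


def H(*parts):
    """Hash to an integer mod p (assumption: SHA-256 over '|'-joined decimals)."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P


def make_certificate(epr_j):
    """Examiner side, Steps 1-2: fresh one-time key k_i and certificate CRB."""
    k_i, n1, n2 = rand_exp(), rand_exp(), rand_exp()
    epu_j = g_pow(k_i - epr_j)                  # epu_j = g1^(k_i - epr_j)
    a1 = g_pow(n2 + epr_j)                      # a1 = g1^(n2 + epr_j)
    a2 = g_pow(n1 + k_i)                        # a2 = g1^(n1 + k_i)
    C = H(epu_j, a1, a2)                        # C = H(epu_j || a1 || a2)
    b1 = g_pow(n2 - n1)                         # b1 = g1^(n2 - n1)
    b2 = pow(g_pow(-n1 - epr_j), -1, P)         # b2 = 1 / g1^(-n1 - epr_j)
    return {"epu": epu_j, "b1": b1, "b2": b2, "C": C}


def verify_certificate(crb, T, now):
    """Learner side, Step 3: freshness of T, then C == H(epu_j || c1 || c2)."""
    if not 0 <= now - T <= MAX_AGE:
        return False                            # stale or future-dated message
    c1 = crb["b1"] * crb["b2"] % P              # equals a1 for a genuine CRB
    c2 = crb["b2"] * crb["epu"] % P             # equals a2 for a genuine CRB
    return crb["C"] == H(crb["epu"], c1, c2)


def demo():
    epr_j = rand_exp()                          # examiner private key
    now = 1_700_000_000                         # constructed clock value
    crb = make_certificate(epr_j)
    other = make_certificate(epr_j)             # same examiner, next message
    # Constructed failure case: certificate fields paired with another key.
    swapped = dict(crb, epu=other["epu"])
    return {
        "fresh_valid": verify_certificate(crb, now - 5, now),
        "stale": verify_certificate(crb, now - 3600, now),
        "swapped_key": verify_certificate(swapped, now - 5, now),
        "keys_differ": crb["epu"] != other["epu"],
    }


if __name__ == "__main__":
    print(demo())
```

The `keys_differ` result shows the property the unlinkability argument in Section 6.2.6 relies on: two certificates from the same examiner carry different one-time public keys.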

6. Security analysis

In this section, formal and informal analysis are used to demonstrate the security strength of the proposed scheme against various
security attacks.

6.1. Formal security analysis

The security strength of the proposed scheme is analyzed formally using Burrows, Abadi, and Needham (BAN) logic [20]. It is used
to find security vulnerabilities in the authentication protocol. The construction of BAN logic is based on postulates and assumptions.
The postulates of the BAN logic are given as follows,

• Rule 1: Message-meaning rule

$$\frac{P \text{ believes } Q \overset{K}{\leftrightarrow} P,\quad P \text{ sees } \{X\}_K}{P \text{ believes } Q \text{ said } X}$$

• Rule 2: Nonce-verification rule

$$\frac{P \text{ believes fresh}(X),\quad P \text{ believes } Q \text{ said } X}{P \text{ believes } Q \text{ believes } X}$$

• Rule 3: Jurisdiction rule

$$\frac{P \text{ believes } Q \text{ controls } X,\quad P \text{ believes } Q \text{ believes } X}{P \text{ believes } X}$$

• Rule 4: Decomposition rule

a) $\frac{P \text{ sees } (X, Y)}{P \text{ sees } (X)}$, b) $\frac{P \text{ believes fresh}(X)}{P \text{ believes fresh}(X, Y)}$, and c) $\frac{P \text{ believes } (X, Y)}{P \text{ believes } (X)}$
The following procedures are used to prove the mutual authentication of the proposed scheme using BAN logic.

1 The following is derived based on the message-meaning rule (Rule 1)

$$\frac{e_j \text{ believes } e_j \overset{CRB}{\leftrightarrow} L_i,\quad e_j \text{ sees } \{M\}_{CRB}}{e_j \text{ believes } L_i \text{ said } \{M\}}$$

2 The following can be expressed as per the nonce verification rule (Rule 2)

$$\frac{e_j \text{ believes fresh}(T),\quad e_j \text{ believes } L_i \text{ said } \{M\}}{e_j \text{ believes } L_i \text{ believes } \{M\}}$$

3 The following is derived according to the Jurisdiction rule (Rule 3)

$$\frac{e_j \text{ believes } L_i \text{ controls } \{M\},\quad e_j \text{ believes } L_i \text{ believes } \{M\}}{e_j \text{ believes } \{M\}}$$

4 According to the Decomposition rule (Rule 4), the following is expressed as

$$e_j \text{ believes } e_j \overset{CRB}{\leftrightarrow} L_i$$

5 As per Rule 1, the following can be expressed as

$$\frac{L_i \text{ believes } L_i \overset{CRB}{\leftrightarrow} e_j,\quad L_i \text{ sees } \{M\}_{CRB}}{L_i \text{ believes } e_j \text{ said } \{M\}}$$

6 The following can be derived based on Rule 2,

$$\frac{L_i \text{ believes fresh}(T),\quad L_i \text{ believes } e_j \text{ said } \{M\}}{L_i \text{ believes } e_j \text{ believes } \{M\}}$$

7 The expression given below is derived as per Rule 3

$$\frac{L_i \text{ believes } e_j \text{ controls } \{M\},\quad L_i \text{ believes } e_j \text{ believes } \{M\}}{L_i \text{ believes } \{M\}}$$

8 As per Rule 4, the following term can be expressed as

$$L_i \text{ believes } L_i \overset{CRB}{\leftrightarrow} e_j \text{ and } L_i \text{ believes } e_j \text{ believes } L_i \overset{CRB}{\leftrightarrow} e_j$$

Because $L_i$ believes fresh$(T)$, thus the following can be obtained as $L_i$ believes fresh$(T + 1)$. Further, it is derived as $L_i$ believes fresh$(\{T + 1\}_{CRB})$.
Because $L_i$ believes $CRB$, $L_i$ sees $\{T + 1\}_{CRB}$

1 According to Rule 1, the following can be derived as

$$L_i \text{ believes } e_j \text{ said } \{T + 1\}_{CRB}$$

2 By applying Rule 2, the following term can be derived as

$$L_i \text{ believes } e_j \text{ believes } \{T + 1\}_{CRB}$$

Finally, it is derived as $L_i$ believes $e_j$ believes $L_i \overset{CRB}{\leftrightarrow} e_j$

Likewise, it can be expressed as $e_j$ believes $L_i$ believes $L_i \overset{CRB}{\leftrightarrow} e_j$
Hence, the proposed scheme achieves mutual authentication.

6.2. Informal analysis

6.2.1. Data integrity and authentication


The $sig$ is attached to all data prior to the data transmission to ensure data integrity. To provide anonymous mutual authentication, the $sig$ appended to each message $m$ is defined as $sig = g_2^{\frac{1}{k_i-epr_j+H(m_1 \| m_2 \| \ldots \| m_g)}}$. In $sig$, the $k_i$ and $epr_j$ are known only to the $e_j$. Therefore, it is very difficult for the opponent to tamper with the $sig$. Furthermore, the value $k_i$ changes from time to time. It is very difficult to tamper with the $sig$, even if an adversary finds a one-time private key $k_i$. The $epr_j$ and $k_i$ are used to generate the certificates, therefore it is computationally hard to find the certificate. The exchange of information between the $e_j$ and the $L_i$ consists of a certificate and a $sig$, which can guarantee the credibility of the data and the authentication of the source. Therefore, it prevents impersonation attacks.

6.2.2. Non-repudiation
Once the information is sent from the $e_j$ to the other entities in the system, the sender cannot repudiate it, because $L_i$ can easily verify the data received from the $e_j$ by using the certificate. By using a $sig$, the legitimacy of the received information is verified. If any dispute arises, the $L_i$ can send the received message/materials to the NM for the purpose of finding the source of the message.

6.2.3. Fake message attack resistance


Entities in the OES can check the integrity of receiving messages by using the attached sig. Fake information cannot be entered into
the OES without satisfying the conditional test. Hence, the proposed system is resistant to fake message attacks.

6.2.4. Unforgeable
Users in the OES broadcast the information to the other entities in the system in the form of $M = (m_1 \| m_2 \| \ldots \| m_g \| sig \| l_i \| CRB)$. Here, the information is transferred over the wireless medium. Therefore, the content of the message is easily changed by potential hackers. However, in the proposed system, after adding the user's $sig$, the information is passed to the other entities as $sig = g_2^{\frac{1}{k_i-epr_j+H(m_1 \| m_2 \| \ldots \| m_g)}}$, where $k_i$ is the temporary one-time private key and $epr_j$ is a random number chosen by the NM. The one-time private key is known only to the user and $epr_j$ is known only to the NM. Therefore, it is very hard for an attacker to generate the $sig$. Also, the value $k_i$ changes from time to time. Even if the attacker has found the value of $k_i$, it is impossible to follow and communicate further. From the above analysis, it is clear that other users cannot forge the original user's $sig$ and $CRB$.

6.2.5. Anonymity
Using the valid $sig$ and $CRB$ extracted from the received information, an adversary would need to find the real identity of the source of information. Here, adversaries face difficulty in finding the real identity of the source of information because of the computational complexity. Therefore, an adversary gets zero knowledge about the source of information from a valid signature and certificate.

6.2.6. Unlinkability
The $CRB$ and $sig$ are generated based on a one-time private key chosen at random. The value also changes from time to time. Hence, for each communication, this one-time private key generates a new $CRB$ and $sig$. Therefore, during data exchange between OES users, it is very difficult for anyone other than the NM to locate the source of information.

6.2.7. Privacy-preservation
The OES users use an anonymous $sig$ and $CRB$ to maintain privacy by protecting their actual identification from other users. But the NM can identify the actual identification of $L_i$ or $e_j$ by using their anonymous $CRB$. For example, if any OES user transmits false information using their anonymous $CRB$ to other OES entities, the NM will be able to check the content of the message. If the information received is found to be fraudulent, then the receiving OES user forwards the $CRB$ to the NM, which maps the received $CRB$ against the tracking list. From the mapping, the NM can easily identify the OES user's real identity. Subsequently, the NM will disclose the identity of the individual $L_i$ or $e_j$ and withdraw them from the OES.

7. Performance analysis

In this section, the computational and communication complexity of the proposed scheme is analyzed and compared with other
existing methods numerically.

7.1. Computational and communication complexity

Let Tp be the time it takes to complete a pairing operation, Th the time it takes to perform the one-time hashing function, and Tm
the time it takes to complete a point multiplication. The time needed to perform an exponential operation in G1 and G2 is denoted
Te.
For simulation, a 2 GHz computer with 8 GB of memory, running Cygwin 2.9.0 with gcc version 4.9.2 [27], is used to
measure the computational time to perform anonymous mutual authentication for the proposed scheme.
Every result is evaluated over 100 simulation runs and the average results are considered. In simulations, the major computational
time parameters Tp, Th and Tm are calculated as 1.5 ms, 2.6 ms, and 0.001 ms, respectively. To perform an exponential
operation, the proposed scheme takes 0.6 ms. To authenticate a batch of b users, the proposed OBL method consumes bTh and 3Te. To
authenticate a batch of b messages, the proposed OBM method consumes Th, 2Te and Tp. As mentioned in Table 2, the proposed
method consumes only (b2.6 + 1.8) ms and 5.3 ms for the OBL and OBM methods, respectively. In contrast, the Boneh
et al. scheme [19] consumes bTh, 2bTp and 2Tp (it takes (b5.9 + 3.2) ms). The Zhang et al. scheme [20] consumes bTh, bTm and 3Tp (it takes
(b2.701 + 4.8) ms). The Chim et al. scheme [21] consumes bTh, 2bTm and 2Tp (it takes (b2.702 + 3.2) ms). The Wasef et al. scheme [22] consumes
3bTm and 5bTp (it takes b8.01 ms). The Rongxing et al. scheme [23] consumes 11bTm and 3bTp (it takes b4.81 ms). The Wang et al. scheme [24] consumes 12bTe
and Tp (it takes (b9.1 + 3.2) ms).
Therefore, Table 2 shows that the proposed scheme has a very low computation cost. Hence, the proposed batch authentication
schemes (OBL and OBM) can perform the authentication process at a lower computational cost. Figs. 2 and 3 show that the proposed
scheme performs better than the other related competitive schemes in terms of authentication time. The performance of the OBL scheme
is close to that of the Chim et al. [21] and Zhang et al. [20] schemes. But the proposed OBL scheme provides anonymous message
authentication, whereas the Chim et al. [21] and Zhang et al. [20] schemes do not provide the authentication anonymously. The
proposed batch authentication scheme is well suited to the IoT environment, because users of the OES are directly connected
through the internet. Also, the proposed scheme authenticates multiple users and multiple messages with less computational cost. Hence,
the proposed system is very much suitable for implementation in resource-limited devices.

To compute the communication complexity of the proposed scheme, the length of the materials/messages (m1‖m2‖...‖mg) is assumed
to be 160 bits, the length of the batch certificate CRB is considered as 160 bits, the length of the batch signature sig is considered as 160 bits,
the public key length of the examiner epuj is considered as 320 bits and the length of the timestamp T added by the examiner is considered
as 32 bits [28]. In the proposed scheme, the examiner transmits the information M = (m1‖m2‖...‖mg‖sig‖epuj‖T‖CRB) to the
learners. Hence, it consumes (160 + 160 + 160 + 320 + 32) = 832 bits as a communication complexity.
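The message layout described above, as an added example that is not code from the paper: it packs and parses M with the stated field lengths and rejects truncated or stale input before any signature check would run. The field names, big-endian byte order, the 300-second freshness window and the sample values are assumptions made for illustration.

```python
import struct
from typing import NamedTuple

# Field widths in bytes, from the bit lengths assumed in Section 7.1:
# m1||...||mg = 160, sig = 160, epu_j = 320, T = 32, CRB = 160 bits.
FIELDS = (("materials", 20), ("sig", 20), ("epu_j", 40), ("T", 4), ("crb", 20))
WIRE_BITS = 8 * sum(width for _, width in FIELDS)
LAYOUT = struct.Struct(">20s20s40sI20s")  # assumed big-endian, no padding
MAX_AGE_S = 300  # assumed freshness window; the paper does not state one


class ExaminerMessage(NamedTuple):
    materials: bytes
    sig: bytes
    epu_j: bytes
    T: int
    crb: bytes


def pack_message(msg: ExaminerMessage) -> bytes:
    """Serialize M = (m1||...||mg || sig || epu_j || T || CRB)."""
    for (name, width), value in zip(FIELDS, msg):
        if name != "T" and len(value) != width:
            raise ValueError(f"{name} must be exactly {width} bytes")
    return LAYOUT.pack(*msg)


def parse_message(wire: bytes, now: int) -> ExaminerMessage:
    """Split a received M into fields, rejecting malformed or stale input
    before the costlier sig/CRB verification is attempted."""
    if len(wire) != LAYOUT.size:
        raise ValueError(f"expected {LAYOUT.size} bytes, got {len(wire)}")
    msg = ExaminerMessage(*LAYOUT.unpack(wire))
    if not 0 <= now - msg.T <= MAX_AGE_S:
        raise ValueError("timestamp outside freshness window")
    return msg


def demo() -> ExaminerMessage:
    # Constructed sample values, not outputs of the paper's scheme.
    sample = ExaminerMessage(b"\x01" * 20, b"\x02" * 20, b"\x03" * 40,
                             1_700_000_000, b"\x04" * 20)
    return parse_message(pack_message(sample), now=1_700_000_060)
```

The fixed layout occupies 104 bytes on the wire, which matches the 832 bits computed above.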

Table 2
Computational complexity of various batch authentication methods.

| Method | Operations | Batch authentication time (ms) |
|---|---|---|
| Boneh et al. [19] method | bTh + 2bTp + 2Tp | (b5.9 + 3.2) |
| Zhang et al. [20] method | bTh + bTm + 3Tp | (b2.701 + 4.8) |
| Chim et al. [21] method | bTh + 2bTm + 2Tp | (b2.702 + 3.2) |
| Wasef et al. [22] method | 3bTm + 5bTp | b8.01 |
| Rongxing et al. [23] method | 11bTm + 3bTp | b4.81 |
| Wang et al. [24] method | 12bTe + Tp | (b9.1 + 3.2) |
| Proposed scheme (batch of learner authentication) | bTh + 3Te | (b2.6 + 1.8) |
| Proposed scheme (batch of message authentication) | Th + 2Te + Tp | 5.3 |

Fig. 2. Comparison of proposed OBL method with other existing schemes.

Fig. 3. Comparison of proposed OBM method with other existing schemes.

7.2. Security comparisons

The proposed scheme supports the essential security parameters such as mutual authentication, confidentiality, data integrity,
privacy, user anonymity, non-repudiation, replay attack resistance, and unlinkability. Table 3 shows the comparison of security features
supported by various schemes. The word ’Yes’ indicates that the scheme under consideration satisfies the listed security feature. The word
’No’ indicates that the scheme under consideration does not satisfy the listed security feature. The schemes proposed by Hu et al. [25] and
Zhang et al. [20] do not maintain conditional privacy, user anonymity, or unlinkability. The scheme proposed by Braeken
et al. [26] does not satisfy security parameters such as the confidentiality, non-repudiation, and unlinkability properties. The
scheme proposed by Chim et al. [21] does not satisfy the anonymity and unlinkability properties. The proposed scheme supports all the
essential security parameters under consideration.

Table 3
Security features comparisons.

| Security properties | Hu et al. [25] | Zhang et al. [20] | Braeken et al. [26] | Chim et al. [21] | Proposed |
|---|---|---|---|---|---|
| Mutual Authentication | Yes | Yes | Yes | Yes | Yes |
| Confidentiality | Yes | Yes | No | Yes | Yes |
| Data Integrity | Yes | Yes | Yes | Yes | Yes |
| Conditional Privacy | No | No | Yes | Yes | Yes |
| User Anonymity | No | No | Yes | No | Yes |
| Non-repudiation | Yes | Yes | No | Yes | Yes |
| Replay attack | Yes | Yes | Yes | Yes | Yes |
| Unlinkability | No | No | No | No | Yes |

8. Conclusion

In this paper, a lightweight batch authentication scheme is introduced to overcome the authentication challenges and the
authentication burden in the OES. The main security challenge in the OES is authentication. In this work, user authentication is
ensured by providing an OED to each user. To access the information from the OES, a user needs to activate the OED by providing the
allotted unique credential and fingerprint. To reduce the authentication burden, this work proposed two authentication schemes: (i)
an online batch learner authentication protocol, used to authenticate a batch of learners in a single authentication to register them in
the OES; and (ii) an online batch message/material authentication protocol, used to authenticate a batch of messages/materials that are received
from the other entities of OES users in a single authentication. Therefore, the proposed protocols reduce the authentication time and
the authentication burden in a secure manner. The proposed scheme provides anonymous authentication with conditional privacy to
track the actual identities of mischievous users and withdraw them from the OES to enhance its performance. The security analysis
section shows that the proposed scheme provides essential security features, and the performance analysis section shows that the
proposed work performs better in terms of providing user privacy, anonymous authentication, and authentication time compared to
other existing works.

CRediT authorship contribution statement

Jegadeesan Subramani: Writing – original draft, Conceptualization, Investigation, Methodology. Tu N. Nguyen: Formal analysis,
Software, Supervision. Azees Maria: Formal analysis. Arun Sekar Rajasekaran: Formal analysis, Visualization. Korhan Cengiz:
Visualization, Writing – review & editing.

Declaration of Competing Interest

There are no conflicts of interest.

Acknowledgments

Funding: There is no funding for this research article.

References

[1] Jebakumar S, Ramteke V. Enhancing security issues in online games. J Adv Res Dyn Control Syst 2020;12(8):95–103.
[2] Sung YT, Chang KE, Yu WC. Evaluating the reliability and impact of a quality assurance system for e-learning courseware. Comput Educ 2011;57(2):1615–27.
[3] Gathuri JW, Luvanda A, Matende S, Kumundi S. Impersonation challenges associated with e-assessment of university students. J Inf Eng Appl 2014;4(7):60–8.
[4] Kong S, Chan TW, Griffin P, Hoppe U, Huang R. Elearning in school education in the coming 10 years for developing 21st century skills: critical research issues
and policy implications. Educ Technol Soc 2014;17(1):70–8.
[5] Ahmed K, Mesonovich M. Learning management systems and student performance. Int J E-Learn Secur 2019;8(1):582–91.
[6] Takefuji Y. Resilient secured education system for online lectures during the pandemic. J Appl Secur Res 2021;1:1–4.
[7] Salimovna FD, Salimovna YN, ugli ISZ. Security issues in E-Learning system. International Conference on Information Science and Communications
Technologies (ICISCT) 2019:1–4. https://doi.org/10.1109/ICISCT47635.2019.9011971.
[8] Fenu G, Marras M, Boratto L. A multi-biometric system for continuous student authentication in e-learning platforms. Pattern Recognit Lett 2018;113:83–92.
[9] Neville K, Heavin C. Using social media to support the learning needs of future IS security professionals. Electronic J E-Learn 2013;11(1):29–38.
[10] Admad A, Elhossiny MA. E-learning and security threats. Int J Comput Sci Netw Secur 2012;12(14):15.
[11] Abdelkarim N, Shukur Z. Review of user authentication methods in online examination. Asian J Inf Technol 2015;14(5):166–75.
[12] Hayes B, Ringwood JV. Student authentication for oral assessment in distance learning programs. IEEE Trans Learn Technol 2008;1(3):165–75.
[13] Allen IE, Seaman J. Grade change: tracking online education in the United States. Babson Park, MA, USA: Babson Survey Research Group, Quahog Research
Group; 2013. Tech. Rep. http://www.onlinelearningsurvey.com/reports/gradechange.pd.
[14] Hung JL, Wang MC, Wang S, Abdelrasoul M, Li Y, He W. Identifying at-risk students for early interventions–a time-series clustering approach. IEEE Trans Emerg
Top Comput 2015;5(1):45–55.
[15] Kumar R, Kumar N. Massive open online courses (MOOCs) in Indian higher education system. Contemp Soc Sci 2018;27(1):155–8.
[16] Rajendran R, Iyer S, Murthy S, Wilson C, Sheard J. A theory-driven approach to predict frustration in an ITS. IEEE Trans Learn Technol 2013;6(4):378–88.
[17] Whitehill J, Serpell Z, Lin YC, Foster A, Movellan JR. The faces of engagement: automatic recognition of student engagement from facial expressions. IEEE Trans
Affect Comput 2014;5(1):86–98.
[18] Vijayakumar P, Chang V, Deborah LJ, Balusamy B, Shynu PG. Computationally efficient privacy preserving anonymous mutual and batch authentication
schemes for vehicular ad hoc networks. Future Gener Comput Syst 2018;78(3):943–55.
[19] Boneh D, Lynn B, Shacham H. Short signatures from the Weil pairing. J Cryptol 2004;17(4):297–319.
[20] Zhang L, Wu Q, Solanas A, Domingo-Ferrer J. A scalable robust authentication protocol for secure vehicular communications. IEEE Trans Veh Technol 2010;59
(4):1606–17.
[21] Chim TW, Yiu SM, Hui LCK, Li OK. SPECS: secure and privacy enhancing communications schemes for VANETs. Ad Hoc Netw 2011;9(2):189–203.
[22] Wasef A, Jiang Y, Shen X. DCS: an efficient distributed-certificate-service scheme for vehicular networks. IEEE Trans Veh Technol 2010;59(2):533–49.
[23] Rongxing L, Xiaodong L, Xuemin S. SPRING: a social-based privacy-preserving packet forwarding protocol for vehicular delay tolerant networks. In: Proceedings
of the IEEE INFOCOM’10; 2010. p. 1–9.
[24] Wang Y, Zhong H, Xu Y, Cui J. ECPB: efficient conditional privacy-preserving authentication scheme supporting batch verification for VANETs. Int J Netw
Secur 2016;18(2):374–82.
[25] Hu C, Zhang N, Li H, Cheng X, Liao X. Body area network security: a fuzzy attribute-based signcryption scheme. IEEE J Sel Areas Commun 2013;31(9):37–46.
[26] Braeken A, Porambage P, Stojmenovic M, Lambrinos L. eDAAAS: efficient distributed anonymous authentication and access in smart homes. Int J Distrib Sens
Netw 2016;12(12):1–11.
[27] Jegadeesan S, Azees M, Ramesh Babu N, Umashankar S, Dhafer Almakhles J. EPAW: efficient privacy preserving anonymous mutual authentication scheme for
wireless body area networks (WBANs). IEEE Access 2020:48576–86.
[28] Zeng X, Xu G, Zheng X, Xiang Y, Zhou W. E-AUA: an efficient anonymous user authentication protocol for mobile IoT. IEEE Access 2019;6(2):1506–19. April.
[29] Hiremath PN, Armentrout J, Vu S, Nguyen TN, Minh QT, Phung PH. MyWebGuard: toward a user-oriented tool for security and privacy protection on the web.
In: Proceedings of the future data and security engineering. Springer International Publishing; 2019. p. 506–25.
[30] Pham DV, Nguyen GL, Nguyen TN, Pham CV, Nguyen AV. Multi-Topic Misinformation Blocking With Budget Constraint on Online Social Networks. IEEE Access
2020;8:78879–89.

Jegadeesan Subramani received his Ph.D. degree in the faculty of information and communication engineering from Anna University, Chennai, in 2016. He is currently
working as an Associate Professor in M. Kumarasamy Engineering College, Karur, Tamil Nadu, India. His main thrust research areas include energy management in
wireless sensor networks, and network and information security.

Tu N. Nguyen is currently an Assistant Professor in the Department of Computer Science, Purdue University Fort Wayne. He earned the Ph.D. degree in electronic
engineering from the National Kaohsiung University of Science and Technology in 2016. He was a Postdoctoral Associate in the Department of Computer Science &
Engineering, University of Minnesota - Twin Cities in 2017.

Azees Maria received his Ph.D. degree in the faculty of information and communication engineering from Anna University, Chennai, in 2017. He is currently working as
an Assistant Professor in GMR Institute of Technology, Rajam, Andhra Pradesh, India. He has published research papers in IEEE Transactions on Intelligent
Transportation Systems, Cluster Computing (Springer) and IET Intelligent Transport Systems.

Arun Sekar Rajasekaran received his Doctor of Philosophy in Low Power VLSI design from Anna University, Chennai in 2019. He is currently working as an Assistant
Professor in the Department of Electronics and Communication Engineering at GMR Institute of Technology, Rajam, Andhra Pradesh. His areas of interest are low power
VLSI design, network security, body area networks and image processing.

Korhan Cengiz, Ph.D, SMIEEE was born in Edirne, Turkey, in 1986. He received his MS degree in Electronics and Communication Engineering from Namik Kemal
University, Turkey in 2011, and the PhD degree in Electronics Engineering from Kadir Has University, Turkey in 2016. Since 2018, he has been an Assistant Professor with
the Electrical-Electronics Engineering Department, Trakya University, Turkey.
