A New Secure Passwordless Multi-Server Modified Authenticated Master-Key Agreement Scheme Based on Hardware-Software and Iriscode Identifiers Through SSL/TLS Protocol for E-learning and Similar Web-based Services

: There is a growing concern about systems security and how to organize it. This is because the internet which is the backbone of all systems is regarded as unsafe. Also, the internet transmits all connection transactions in the E-learning and similar web-based systems and as a result, intruders and attackers by abusing security holes can compromise the system. The E-learning and other similar systems should be safe against threats and manipulation by intruders and should protect the privacy of users. The purpose of this paper is to provide an authentication model based on hardware, software and iriscode identifiers through the SSL/TLS protocol, in order to significantly improve the security and privacy level, while at the same time, maintain the system performance at an acceptable level. There are major differences between our model and other similar works, such as: no need to password in registration and login phase, using of iriscode identifier, isolation of users profiles based on hardware and software identifiers of relying party, enhancing master secret key exchange phase in the SSL/TLS protocol, no need to password change phase, strong performance in comparison with other approaches because of using SHA-3 function and removing password change phase, capability of providing authentication services over large networks and internet. Also according to conducted studies and tests, the mentioned solution can significantly improve the system security, as well as maintain its function at an acceptable level. Therefore the proposed model easily can be used for immunize E-learning and similar web-based systems that works through internet. The proposed model improves the 32.50% security and 63.58% execution time in comparison to average of five newest methods.


Introduction
Recently, the Internet has had a huge effect on the human community and created a revolution in the 21 st century. With the development of information and connection technology, the field of study cannot be isolated from the Internet and connections dispute (Dharmawansa et al., 2013). E-learning can be used in different ways, in different sectors and among different individuals. The network of a trading company can use E-learning to educate people in the field of trade. Online education is a fast developing field in education and has been used in many universities for numerous studies (Dharmawansa et al., 2013). E-learning has been developed in various fields such as distance learning, online learning and network-based learning and in general learning to promote interactions between students, lecturers and learner communities (Karforma and Ghosh, 2009). This learning method has several advantages compared to traditional learning, especially the ability to learn at any time and place (Richardson and Swan, 2003;Swan et al., 2000).
Most innovations in the field of E-learning focus on content development Sharable Content Object Reference Model (SCORM) and posting it, while privacy and security are not considered as a component in this regard. Although there is a growing need for higher levels of confidentiality and privacy in E-learning applications, these security technologies should be designed and implemented in such a way as to cover the existing needs. The perception and knowledge of consumers is on the rise concerning their rights to privacy and new privacy legislation has recently been introduced by various jurisdictions (El-Khatib et al., 2003;Zivi et al., 2017b).
The position of security and optimality of the system's function in the field of assessment is a special one that has been neglected in comparison with other features of these systems and has been addressed in fewer studies. For example, the study of (Attwell, 2006) on the field of assessing E-learning systems showed that in general, we can improve the way of learning and transferring concepts between the learner and professor; this study, however, has significantly mentioned the effectiveness of the E-learning system. Considering the privacy and security of discussion (Zivi et al., 2017b) along with the optimality and integrity of discussion in the assessment of the E-learning system, we cannot rely on this and refer to it during assessment (Zivi et al., 2017b).
Compared to other studies such as: (Chansuc and Praneetpolgrang, 2008), (Mustafa and Sharif, 2011), Khedr (2012) as well as (Bentley et al., 2012) studies, generally have assessed and improved the E-learning systems in terms of how to learn, the quality of the discussions raised, the quality of the system, the relationship between the professor and student and somehow the discussion of the effectiveness of this learning method. Therefore, according to the mentioned issues, the necessity of assessing the electronic learning system and, generally speaking, elearning, taking into account the security discussion and covering the existing gaps in this field, as well as the issue of the integrity and optimality of this type of learning system, appears to be more intense than the past.
Despite the fact that the Internet is regarded as a place to get necessary information and knowledge, it has the potential of being turned into a place for doing illegal activities. Information on the Internet is constantly being invaded by security threats. Therefore, the E-learning environment is affected by security threats (Mohd Alwi, 2010).
The aim of this research was to provide an authentication protocol based on hardware, software and iriscode identifier through a SSL/TLS protocol for the Elearning and other similar web-based systems such that specifically, a sample has been assessed and examined in the Islamic Azad University Electronic Unit (Zivi et al., 2017b) in order to promote the level of privacy, security in the system, protect the student information and maintain optimal function of the system. The reason for using a SSL/TLS protocol in this authentication model has been explained in detail in a previous research (Zivi et al., 2017a). In the previous study, a SSL/TLS protocol was compared with 2 other protocols called IKEv2 and IPsec and in most comparisons the SSL/TLS protocol provided the best result (Zivi et al., 2017a).
There are major differences between our model and other similar works, such as: No need to password in registration and login phase, using of iriscode identifier, isolation of users profiles based on hardware and software identifiers of relying party, enhancing master secret key exchange phase in the SSL/TLS protocol, no need to password change phase, strong performance in comparison with other approaches because of using sha3 function and removing password change phase and capability of providing authentication services over large networks and internet.

Literature Review
Remote user authentication is a method for authenticating users who remotely communicate with a server through an insecure network (Jeon et al., 2011). Unfortunately, password-based authentication models are still easily hacked by dictionary attacks. Song (2010) provide an authentication model using smart cards and passwords. But the reasons for the weakness of the this model is actually two. First, even if the model uses smart cards, it is still not easy to create a safe scheme against several attacks, because humans have difficulty remembering long passwords. Therefore, many of the models like (Song, 2010) are vulnerable to Password Guessing attacks using smart cards (Jeon et al., 2011). The second reason is that generally, smart cardbased authentication models are used in nearby scenarios, such as ATMs and the like, therefore their use in remote scenarios requires a separate infrastructure for card generation and authentication and increases costs significantly. The reason for the increased cost is the discussion valuation of security solutions. Generally, the interdependent cost of security solutions, which is referred to as real cost or real value, is computed in order to be cost-effective. The cost includes all additional costs that are related to the given security solution. For example, for a smart card-based remote authentication system, in addition to provide the necessary equipment, such as a card reader and a generation system for this type of smart card, it should include maintenance and support costs. The costs of integrating it with other systems, hiring a team for startup and support, the cost of purchasing servers and equipment required for the implementation of this system are all a part of the cost of these types of authentication systems. Since it is vulnerable to password-guessing attacks, this method is not necessarily considered as the safest method.
Therefore, (Li and Hwang, 2010), combined a user's biometric characteristics (such as fingerprint, iris and hand geometry) with a password and smart card for designing a remote user authentication model with a higher security level. They used secret keys that had a value of high confusion (Chuang and Chen, 2014).
The main feature of Li and Hwang's model was its biometricity. Li et al. (2010) showed that Hwang and Li's scheme presented in 2010 did not provide the correct authentication and is therefore vulnerable to MITM attack (Jeon et al., 2011). Then, Li et al. introduced an improved scheme to remove the weaknesses in Hwang and Li's scheme. Afterwards, (Jeon et al., 2011) found that Li et al.'s scheme, which was actually an improved version of Hwang and Li's scheme, is vulnerable to the Replay attack, as well as because of the structural weaknesses, the password-changing phase does not work properly and the reason is that when the user gives the system a new password, the system does not compare the old password with the sample saved in the system. Therefore, if the user inadvertently inserts the old password incorrectly, the Hash value will be different from the saved value and so the smart card and authentication process will be in a suspended state (Jeon et al., 2011).
But none of the above models supports multi-server environments and today this is considered as a limitation because there are now a variety of functional servers on the Internet. If the designed authentication model does not support multi-server environments, the user will have to do the registration process frequently and this will not only disturb the user, but also create a significant amount of overload on the server and network (Yang and Lin, 2014).
In the past decade, several multi-server authentication models have been introduced. (Lee et al., 2011) provided a multi-server authentication model and claimed that their model was safer and more efficient than existing models. Later, (Truong et al., 2013) showed that the model of Lee et al. introduced (Mishra et al., 2014).
Then (Sood et al., 2011) also proved the weakness of Hsiang and Shih's model and provided an improved model based on a dynamic identifier for multi-server environments. (However, Li et al., 2012) showed that Sood et al.'s model cannot withstand leakage attacks on the Verification Table and the stolen smart card. In addition, they provided an improved smart card-based authentication model for multi-server architecture, which required a control server to provide mutual authentication. The existence of a control server to control the mutual authentication process made the model inefficient (Mishra et al., 2014). Wang and Ma (2013) provided a smart card-based authentication model for multi-server environments. But (He and Wu, 2013) showed that Wang et al.'s model was vulnerable to the Privileged Insider, Server Spoofing, Impersonation and Offline Password Guessing attacks. Subsequently, (Pippal et al., 2013) provided a multi-server authentication model using a smart card. They claimed that their model is resistant to Server Spoofing, Impersonation, Insider, Replay, Password Guessing, Stolen Smart Card and Stolen Verifier attacks. But  explained that Pippal et al.'s model cannot withstand the user impersonation, Server Spoofing, Privileged Insider and Offline Password Guessing attacks. (Tsaur et al., 2012) identified the models that used Timestamp to withstand the Replay attack, because the models to withstand the Replay attacks required clock synchronization between senders and receivers. To overcome this problem, they provided a Self-Verified Timestamp method to prevent the clock synchronization problem in multi-server environments.
Password-based multi-server authentication models use secret keys and passwords to perform the authentication process. But the point here is that passwords may be forgotten or lost and/or even shared with others (Lee and Hsu, 2013). But on the other hand, biometric keys such as the fingerprint, face, iris, hand geometry, palm effect and etc. do not need to be memorized. The unique biometric characteristics have increased its applications in authentication protocols. The advantages of using the biometric keys are as follows (Li and Hwang, 2010;Das, 2011): • Biometric keys cannot be forgotten or lost • Biometric keys are highly resistant to forging and distribution • Biometric keys are very resistant to copying and sharing • Biometric keys cannot be easily guessed compared to passwords that have less irregularity • The biometric characteristics of an individual cannot be easily broken The models of (Yang and Yang, 2010) and (Yoon and Yoo, 2013) suggested biometric multi-server authentication models, but their models did not consider the user's anonymity. Also, Yoon and Yoo model was based on the ECC method, which in general was considered as a safe method with good performance (Chen et al., 2010;. In addition, the model of (Yang and Yang, 2010) was not resistant to the Insider's attack and it operated based on exponential functions, which greatly increased the computational cost (Yang and Yang, 2010), while the model of (Yoon and Yoo, 2013) as shown by (He, 2011) was vulnerable to attacks by the Privileged Insider, Masquerade and stolen smart cards. Then, (Yoon and Yoo, 2011) provided a biometric authentication key model for multi-server environments. (Kim et al., 2012) pointed out that Yoon and Yoo's model could not withstand the Offline Password Guessing attack. Thereafter, Kim et al. presented an improved model resistant to Offline Password Guessing attack. But their model was inefficient in identifying password authentication in the login and password change phase (Mishra et al., 2014). Their model also could not maintain the user's anonymity exactly like the models of Yang and Yang and Yoon and Yoo (Mishra et al., 2014). Subsequently, (Chuang and Chen, 2014) provided a multi-server authenticated key verification model based on smart cards with passwords and biometric characteristics. Their model provides an optimal solution for multi-server environments in which the user can connect with all servers with one sign-up. Their model maintains the user's anonymity and has less computational overload than previous models: Yang and Yang, Yoon and Yoo and Kim et al. but, unfortunately, their model cannot withstand a stolen smart card attack and as a result, it leads to Impersonation and Server Spoofing attacks. Their model also cannot withstand the DoS attack (Mishra et al., 2014). Also, in 2015, (Amin et al., 2015) provided a smart card-based authentication model for hospital information systems that used the ECC encryption system. But then (Chaudhry et al., 2016) claimed that the model of Amin et al. was vulnerable to Stolen Smart Card and Stolen Verifier attacks and did not properly handle the phase of the change and recovery of the passwords. Table 1 shows the advantages and disadvantages of examined authentication models.

Methodology
The software AVISPA is a collection of tools for building and analyzing official models. This software provides a modular and high level language for determining their protocols and security characteristics and implements a wide range of analysis techniques based on the back-end components (Armando et al., 2005). Models are written in HLPSL format or High Level Protocol Specification Language (AVISPA, 2014b). The mode of operation of the AVISPA simulator is shown in Fig. 1 (AVISPA, 2014b).
The HLPSL language is converted to an Intermediate Format (IF) using the Interface Translator, which is the HLPSL2IF translator. IF or Intermediate Format is lower than the HLPSL and is read and implemented directly by AVISPA's back or main modules. It is also worth mentioning that the process of converting HLPSL to IF has always been hidden from the user (AVISPA, 2014b).
The AVISPA tool has four main components, the socalled back-end (AVISPA, 2014b). The most used backend in the AVISPA simulator is the OFMC (Das et al., 2013;Chatterjee et al., 2014), which is also used in the given model. It should be noted that the AVISPA simulator (software) can be accessed from three different ways: (1). Through the web interface (AVISPA, 2014d) (2). Through the operating system version of Linux and (3). Through the Mac operating system (AVISPA, 2014c). If you work with the software through the web interface, you can select one of the existing protocols to simulate, in which case you can modify it or change it, or even design your protocol (AVISPA, 2014b).
The user can choose among the four back-ends to check the protocol, or even use them all together and then compare the results (AVISPA, 2014b).
It is also necessary to mention a point about the AVISPA simulator. In the AVISPA simulator, when defining the sides of the relationship, an attribute called DY is used along with the name of Channel. In fact, this attribute refers to the model presented in 1983 by two individuals, (Dolev and Yao, 1983). Under this model, the intruder has complete control over the network, in which all the messages sent by agents are also sent to the intruder. He may copy or analyze the messages and/or change them (of course as soon as he gets the keys) and can send that message to anyone he wants, of course, this is done by the opposite agent who is instead of him (AVISPA, 2014b).

Scenario1: The Model Associated with the SSL/TLS Protocol
This section has been created to provide the authentication operation for securely transmitting the server's secret key and shared key that provides SSO capability. In the SSL/TLS protocol, after the server authentication, the shared key is generated by the user's side software and then transferred to the server after being encrypted with its public key. But in this model, in addition to these, the mutual authentication is carried out for safely transfer of these two important keys. Also in this phase the shared key created using one-time use and randomly generated values in both sides.

Scenario 2: The Model Associated with the Enrollment, Login and user Authentication
In the second scenario, to provide security in the model and prevent attacks such as: MITM and Replay, Nonce is used on the server and the client. There is no need for timestamp in this model and therefore there will be no cost for its use. Some of distinguishing attributes such as: hardware, software, iriscode identifier and passwordless capability implement in this part of the authentication scheme.

Provide, Examine and Assess the Authentication Model
Given the scenario proposed for the Authentication Model in the Methodology Chapter, the authentication model discussed in this study is generally divided into two parts. Given that this authentication model is based on the SSL/TLS security protocol, shown in Fig. 2, the first part of the model was intended to secure and improve the security of the SSL/TLS protocol, which is in perfect harmony with the second part of the model. In other words, this authentication model based on hardware-software and biometric identifiers constitutes two distinct parts that can be used separately. The reason behind the creation of the first part of the model is that the SSL/TLS protocol, as a security protocol, has no efficient and strong mechanism for secure keys' transfer by the protocol.

Fig. 3: General Method of Authentication Procedure between User and E-learning Server
The second part of the model is fully in line with the first part of the authentication model, which operates on the basis of the safe SSL/TLS protocol. Also, in this part mutual authentication is fully supported, as well as SSO, which is also available for the user through the utilization of a shared value by the server. Also, this model is completely free of passwords and does not have many weaknesses which are associated with passwords. Using of Iriscode as the most robust and precise biometric method, will increase the security and function of this model. Finally, through the use of hardware-software identifiers, the ability to isolate users in connection with the e-learning and similar systems is created (Fig. 3).

Prerequisites of the User
Authentication model should be user-friendly, the following were considered in the scheme of the model (Chuang and Chen, 2014): • Single sign on: In this case, the user only needs to perform the enrollment process on the authentication server and then he is authenticated by all servers and can access various educational content (Chuang and Tseng, 2012) • Anonymity: The user privacy is one of the most important cases in the authentication process. In fact, an anonymous authentication process requires that the user does not use his associated identifiers, meaning the main identifier is converted to a false one during the process

Security Prerequisites
According to the studies conducted by (He, 2011), (Li and Hwang, 2010), (Yoon and Yoo, 2011), (Yang and Yang, 2010), , (Yoon and Yoo, 2013),  and (Li et al., 2013) an authentication model considers the following security prerequisites (Chuang and Chen, 2014): • Mutual authentication: This capability points to the fact that in the authentication process, in addition to requiring the user to authenticate the server, the server should also authenticate the user • Efficiency: Depending on the number of users who communicate with the server overnight, the authentication model should have the needed efficiency, so that the system does not encounter problems such as slowing down, resulting in increased overload on the server • Independence of the Verification Table: In most applications and models, the central server of the authentication process saves the passwords, which can cause attacks such as Stolen-Verifier attacks.
Therefore, the authentication model should be independent of keeping the Verification Table. Many models require a solution to not use the passwords Table, but this capability is fully supported because this model does not require the verification table • Integrity: The message integrity points to the fact that the data does not change without prior detection and, in the case of unauthorized changes, this issue is quickly detected • An agreement on the session key: After doing the authentication process, the session key generated between the client and server is exchanged to securely communicate so that the user's relationship with the server always remains secret

Characteristics of the Hash Function
A resistant hash function to one-way collision shown in the form of h:{0,1} * →{0,1} n is known as a definite or specific algorithm (Sarkar, 2010); (Stinson, 2006) Extract, import and send hardware, software and biometric identifiers Verify sent identifiers and establish secure session with relying party 6 output with constant length n. A hash function may receive anything as the input, such as a file, a message, or even a data block. The hash functions generally have the following characteristics (Stallings, 2005): • The h(.) function can be applied to any data size • For each input x, it is easy to calculate the output h(x) and its implementation is easy as hardware and software. The output length of the hash message h(x) is constant • Returning the value of x given by the value of y = h(x) and the function h(.) is not computationally costeffective and is referred to as a one-way attribute • For each given input x, finding any input y ≠ x such that h(y) = h(x) is not computationally cost-effective and is referred to as the "weak-collision resistant" attribute • Finding an input pair (x, y), which is x ≠ y and h(x) = h(y), is not economically feasible, which is referred to as the strong-collision resistant attribute The security of this authentication model is provided through the hash function SHA-3, which has a high resistance to Collision, Preimage and 2nd Preimage attacks. This function also has 4 arbitrary lengths in the standard SHA-3 functions, which are 224 bits, 256 bits, 384 bits and 512 bits, respectively. In general, the longer the output of the hash function, the higher the security will be. For the hash function h(.), when the message x is given to it, the calculation of h(x) is simple; however, it is very difficult to calculate x from the h(x) code and it requires high execution time, so in general, it is impossible to calculate it.
The use of hash functions often requires resistance to attacks such as Collision Resistance, Preimage Resistance, or Second Preimage Resistance. These characteristics are shown for SHA-3 and XOF functions in the following Table 2. In producing related and closely related outputs, XOF functions are different from hash functions (Bertoni et al., 2015).
As a result obtained from this standard, the security strengths of SHA-3 functions are shown in Table 2. The functions SHA-1 and SHA-2 were placed in the Table 2 for comparison (Bertoni et al., 2015).
To resist the Preimage attacks on the message M, the , so that B is the length of the input block for the function in bits; in other words, for functions SHA-1, SHA-224 and SHA-256, B = 512 and for SHA-512 function, B = 1024 (Bertoni et al., 2015). Four SHA-3 hash functions are an alternative to SHA-2 functions; they have been designed to withstand Collision, Preimage and Second Preimage attacks, which provide more resistance than SHA-2 functions. SHA-3 functions have also been designed to withstand other attacks, such as: Length-extension attacks, which generate more resistance through a random function on the same output length, in other words, depending on the length of the output that can be varied, the same security power is provided for them according to the random function (Bertoni et al., 2015;NIST, 2016).
Two SHA-3 XOF functions have been designed to withstand Collision, Preimage and Second Preimage attacks and other attacks triggered by a random function for the output length required increasing the security power of 128 bits for SHAKE128 and 256 bits for SHAKE256. A random function that has a d-bit output length cannot provide more than d/2 security bits for Collision attacks and d security bits for Preimage and Second Preimage attacks, so if d is sufficiently small, according to Table 2, SHAKE128 and SHAKE256 will provide less than 128 and 256 security bits. For example, if d = 224, then SHAKE128 and SHAKE256 provide 112 resistance bits to collision attacks, although they provide a different level of resistance to Preimage attacks: 128 bits for SHAKE128 and 224 bits for SHAKE256 (Bertoni et al., 2015;NIST, 2016). Table 2: Security Strengths of SHA-1, SHA-2 and SHA-3 Hashing Functions (Bertoni et al., 2015) Security Strengths in Bits  (Bertoni et al., 2015).

Enrollment and Authentication of the Server
The server enrollment phase is performed on the models of (Chuang and Chen, 2014;Mishra et al., 2014) using the IKEv2 protocol, based on the RFC-4306 document (Kaufman, 2005). The method is that initially the server which is intended to be authorized sends the request to the registration center. Then, the registration center verifies the server first and then sends a PSK key using the IKEv2 protocol to the requesting server. It should be noted that the secure transfer key algorithm in the IKEv2 protocol is the Diffie-Hellman algorithm. Then, the server validates legitimate users using the request key. But in the model presented in this study, the enrollment phase of the server as well as the server authentication using the SSL/TLS protocol, are based on the PKI infrastructure and standard X.509 (Ristic, 2015) ( Fig. 4 and 5).   Nonce of Server j in the server authentication phase N k Nonce of User i in the user login and authentication phase N l Nonce of Server j in the user login and authentication phase N x Nonce of User i in the server authentication phase N y Nonce of Server j in the server authentication phase T r Time of Registration request in the user registration phase SSKuisj Secret Symmetric Key that shared between User i and Server j in the server authentication phase The Authentication Model based on Hardware-Software and Iriscode Identifiers As earlier mentioned, the authentication model has 2 parts. One of the key characteristics of this model is the lack of Timestamp to prevent Replay or MITM attacks. Using Timestamp characteristic prevents the above attacks, but it should also be noted that if Timestamp should be used, we need Clock Synchronization which actually incurs additional costs involved in the implementation discussion and if the Time Zone is different between the different users the problem will become more evident, even considering the value of offset for the time of sending and receiving packets will not also be effective. The presented model is based entirely on Nonce and while resistant to Replay and MITM attacks, there is no execution time due to the implementation of Timestamp. The Table 3 shows the parameters used in the model.

Enrollment Phase of the Server
• Stage 1: First, the server S j sends a digital certification request to the CA server to receive a digital certificate. All of these connections are based on the PKI infrastructure and X.509 standard. It should be noted that there is generally a digital certification request using the SCEP protocol. The enrollment process for the server S j is called Certificate Enrollment • Stage 2: At this stage, the CA server will first authenticate the server S j to ensure that the server S j is the same server that is with the CA server and has the same identifiers validated by the CA server. If the authentication is successful, it goes to the next stage, otherwise the connection will be disconnected • Stage 3: At this stage, the CA server signs the public key of the server S j using its private key and creates a digital certificate specifically for it, called DCERT j . Finally, this digital certificate will be sent to the server S j • Stage 4: At the final stage, the server S j checks and validates the digital certificate after receiving it and the process for requesting and obtaining the digital certificate is completed (Fig. 6) Authentication Phase of the Server After the server S j sends the digital certification request to the CA server, a digital certificate will be sent to it by performing a series of processes and authentication of the server S j . The certificate essentially contains a set of parameters that are located alongside the public key of the server S j and proves its identity in front of all the referring users. When a user U i is referred to the server S j , the server S j is initially authenticated and in this phase the secret key is exchanged between the user and the server. In this phase, in addition to the secret key exchange, mutual authentication is also performed to ensure the correct parties (Fig. 7): • Stage 1: First, the server Sj sends the DCERT j digital certificate received from the CA server to the user U i • Stage 2: Upon receipt of the DCERT j certificate, the user U i verifies the four conditions including: (1). Because the public key of the server S j has been signed by the private CA server, so the user U i first tries to decrypt it by the public key of the CA server, if the public key on the side of the user U i can open it, this stage is successful, otherwise the connection will be disconnected. It should be noted that the value encrypted by the CA server's private key is known as HMAC, which contains the public key of the server S j .
(2). At the next stage, the user U i compares the name of the certificate recipient with the address bar of his web browser and if it matches, this stage will also be successful, otherwise the connection will be disconnected.
(3). Then the user U i checks the duration of the validity of the DCERT j certificate, which should not be past the validity period. (4). Finally, the user U i checks that the DCERT j certificate issued for the server S j is not in the list of void certificates or CRLs. If these four conditions are met, the user U i authenticates the server S j identity (Fig. 9) • Stage 3: Then the server S j generates a single-use or nonce random number, called N j and using its own identifier i.e., SRVID j , DCERT j , N j creates a shared key called MPSK j , which is as follows: MPSK j = HF3(N j ||SRVID j ||DCERT j ). The server S j then encrypts this key using the U i public key and sends it to the user U i • Stage 4: After receiving the MPSK j key, the user U i generates a single-use or nonce random number, called N x . Then, using this value, generates a message called A 1 in this form: A 1 = HF3(MPSK j )⊕N x , encrypts it by the public key of the server S j and then sends it to the server S j • Stage 5: The server S j first extracts the N x value through the Eq. N x = A 1 ⊕ HF3(MPSK j ). Then, the server S j selects a nonce called N y and using the two values of N x and N y generates a message called A i in this way: A i = HF3(N x )⊕N y . Then, using the value of A i , a message called A 2 is created in this way: A 2 = HF3(MPSK j )⊕A i , encrypts it with the public key of the user U i and finally sends it to the user U i • Stage 6: The user U i initially extracts the value of Ai from the Eq. A i = A 2 ⊕HF3(MPSK j ); then, using the value of A i and by means of the Eq. N y = A i ⊕HF3(N x ), N y is obtained. Finally, using the values of N x , N y , A i , DCERT j and MPSK j , a secret symmetric key is generated, which is as follows: SSKuisj = HF3(MPSK j ||DCERT j ||A i ||N x ||N y ) and the result of the confirmation is sent to the server S j as encrypted • Stage 7: The server S j , after receiving the confirmation message, calculates the secret symmetric key with the above values as in Stage 6 ( Fig. 7

Enrollment Phase of the User
After performing the server S j authentication stage and exchanging the secret session key, all messages are encrypted and decrypted using the SSKuisj secret key. In this phase, the user U i plans to enroll on the server S j . The user U i enrollment phase is performed using the parameters of ID i , biometric identifier BID i and the single-use random number or nonce N i . according to Fig. 8, These stages are as follows: • Stage 1: The user U i initially generates a nonce called Ni, then using three temporary variables of K1, K2 and K3 creates the following messages: K 1 = HF3(BID i ||N i ), K 2 = HF3(ID i ⊕ N i ) and K 3 = ID i ⊕N i . In fact, the user U i enters into the system, his IRIS biometric ID in the 3 messages and also confirms that he has generated and sent his nonce N i value. Finally, the user U i sends a message consisting of four components {ID i ,K 1 ,K 2 ,K 3 } to the server S j • Stage 2: After receiving messages from the user U i , the server S j first calculates the N i value through the Eq. N i = ID i ⊕ K 3 . Then the server S j begins to make several new messages using the sent values: In this phase, T r is the time taken to receive the messages {ID i ,K 1 ,K 2 ,K 3 }, which the server S j itself records • Stage 3: Finally, the server S j saves a message consisting of three components {O i ,P i ,Q i } and sends a confirmation message to the user U i

Login and Authentication Phase of the User
In this phase, the user U i intends to enter the website of the E-learning system. After performing the authentication process of the server S j , the following stages are performed as follows, (Fig. 9): • Stage 1: First, the user U i will enter into the system his identifier ID i and then the biometric identifier BID i • Stage 2: Then the user U i takes a single-use or nonce random value, considers HF3(ID i ) and calls them N k and X 1 , respectively. Then, the user U i calculates 3 messages to this form through these values: R 1 = N k ⊕ HF3(MPSK j ), R 2 = HF3(M i ||N k ) ⊕ X 1 and R 3 = HF3(X 1 ||M i ||N k ). Finally, the user U i sends a message consisting of four components {Q i ,R 1 ,R 2 ,R 3 } to the server S j • Stage 3: As soon as the message {Q i ,R 1 ,R 2 ,R 3 } is received, the server S j using its own dedicated key, MPSK j , extracts L i value from the Q i message, as follows: L i = Q i ⊕ MPSK j . Then, the N k and X 1 values are extracted into this form: N k = R 1 ⊕ HF3(MPSK j ) and X 1 = R 2 ⊕HF3(M i ||N k ). It is worth mentioning that for the server S j to obtain the value of M i , it only needs to calculate the second order hash function of L i • Stage 4: Then the server S j checks the correctness of the Eq. R 3 = HF3(X 1 ||M i || N k ) using the obtained values, i.e. X 1 , M i and N k . If the Eq. exists, it goes to the next stage, otherwise the connection is immediately disconnected • Stage 5: At this stage, the server S j chooses a nonce called N l , then generates the message R 4 = N l ⊕ HF3(X 1 ||N k ) and sends it to the user U i • Stage 6: The user U i first obtains the N l value through the Eq. N l = R 4 ⊕ HF3(X 1 || N k ) and calculates the value of X 2 = HF3(BID i ). Then it computes the messages of R 5 = X 2 ⊕K 2 ⊕N l and R 6 = HF3(X 2 ||N k ||N l ||K 1 ) and finally sends a message consisting of 3 components {K 1 ,R 5 ,R 6 } to the S j server • Stage 7: The server S j first sets up the K 1 message in the Eq. O i = M i ⊕ K 1 , calculates the O i value and compares the new O i value with the value saved in its memory; if they are equal, they will go to the next stage otherwise the connection is disconnected. Then, the server S j obtains K 2 and X 2 values, respectively, through the Eqs. K 2 = HF3(MPSK j )⊕ P i and X 2 = R 5 ⊕ K 2 ⊕ N l respectively. With K 1 and X 2 values, the server S j verifies the correctness of the Eq. R 6 = HF3(X 2 ||N k ||N l ||K 1 ). If the new value matches the value sent by the user U i , this stage is successful and the user U i is identified as an authenticated user, otherwise the connection is immediately disconnected • Stage 8: At the final stage, the user U i extracts his hardware and software identifiers from the system and sends them to the server S j in this way: Q 1 = HF3(CPUID i ||BBID i ||MMID i ) and Q 2 = HF3(OSID i ||BA i ) Finally, the server S j attributes these two messages to the user U i and uses them to identify the log in usage; that is, if the user U i intends to be in place of someone else when he/she enters the Elearning system it will not be possible for him/her to enter, because he/she can only log in once for his hardware and software characteristics. (Fig. 9)

Prove the Authentication Model based on the Analysis of Security Relationships
This section examined several different states from the standpoint of security relationships on the model. Some of these analyses are done by considering a third element i.e., the attacker in the model and others are examined based on the characteristics that are supported in the model.

Insider Attack
In the provided model, the user U i never sends his/her own identifier data i.e., biometric identifier directly to the server S j , but it is actually sent in the form of an implicit message, K 1 = HF3(BID i ||N i ). Also, in the destination i.e., the server S j , the random number or nonce is obtained from the Eq. N i = ID i ⊕K 3 . And virtually none of Ni and BID i values are explicitly used. As a result, the discussed model is entirely safe against the Privileged Insider attack.

User Anonymity
The combined message {Q i ,R 1 ,R 2 ,R 3 } will be sent during the implementation of the login and authentication phase. The ID i is virtually protected by HF3(M i ||N k ), while the N k value is protected by HF3(MPSK j ). To get an ID i , both M i and MPSK j values are required. Because M i is protected by 2 components of ID i and BID i , it is impossible to obtain M i by the intruder (I). Also, the user's anonymity is supported by hiding ID i by HF3(M i ||N k ).

Password Guessing Attack
The model in question is also completely free of the use of password. This is because the model only works with ID i and BID i , which are biometric identifiers of the Iris type proven in Chapter 2 and is considered as the safest biometric method with the least error. Therefore, none of the password-related attacks are a threat to this model.

Using Randomly Generated and one Time Use Values
Implementing Timestamp mechanism to counteract Replay attacks requires Clock Synchronization between the sender and receiver during login and authentication operations, which will result in execution times as well as development and implementation costs. The model in question is completely based on the non-randomized single-time or nonce and unique random number structure and each time the values of the secret key, shared key, login and authentication messages are changed.

Replay and MitM Attacks
An intruder or attacker with (I) symbol to perform Replay and MitM attacks uses previously sent messages {Q i ,R 1 ,R 2 ,R 3 }, {R 4 }, {K 1 ,R 5 ,R 6 } and/or {A 1 ,A i ,A 2 }. But the model under discussion has the ability to withstand Replay and MitM attacks. The following stages illustrate this issue: and finally approves the message R 3 = HF3(X 1 ||M i ||N k ). Because all these messages are exactly replayed by the intruder (I), so these stages are done without interruption • Then the server S j selects a random and single-use number N l ′ and then sends the message R 4 ′ = N l ′ ⊕ HF3(X 1 ||N k ) to the user U i . The intruder (I) will send the message R 4 and then try to replay the server S j using a suitable message, but for two reasons it does not succeed: 1. When the intruder (I) tries to replay the server S j using messages {K 1 ,R 5 ,R 6 }, after receiving these messages, the server S j tries to retrieve the X 2 value and then verifies the correctness of the Eq. R 6 , but because N l ≠ N l ′, this does not happen and the connection is disconnected i.e., R 5 ′ ≠ R 5 and R 6 ′ ≠ R 6 2. Even if the intruder (I) wants to replay the server S j using the messages {R 5 , R 6 ′}, it should be able to compute the values of N l ′, N k , K 2 and X 2 . It is known that the values of X 2 and K 2 contain BID i and ID i and the intruder (I) cannot actually capture them. Also, the K 2 value is obtained from the combination of ID i and N i , so the intruder (I) should also guess the value of N i , as well as the values N k and N l ′ also have the same procedure. In addition, these values are combined with each other by the XOR operator and SHA-3 hash function. So the intruder (I) cannot use messages {R 5 ′,R 6 ′} for Replay and MitM attacks It is also true that the server authentication phase is exactly the same as the routine. That is, if the intruder (I) replays the message A 1 to the server S j , the server S j first retrieves the N x value and continues to work without interruption. At the next stage, the server S j chooses a single-use random value of N y ′, sends the message A i ′ and finally A 2 ′ message and sends the message {A 2 ′} to the user U i . But the intruder (I) takes that message and tries to reply the server S j which have the encrypted messages. Given that the replay from the intruder (I) is primarily the confirmation of the results, the server S j calculates the secret key for itself and the intruder (I) has no access. Even if the intruder (I) decides to guess the secret key, this will not be possible because the key is originally protected by N x , N y ′, A i and MPSK j values. Also, the MPSK j value is also protected by the values of SRVID j and N j , so the intruder (I) should also guess these values. Therefore, the server authentication phase is also fully resistant to Replay and MitM attacks.

User Impersonation Attack
In this attack, the intruder (I) can put itself in the place of the legal user U i and enter the server S j or get the key value in the server's authentication phase. Although our proposed model is quite resistant to this attack, the intruder (I) cannot take advantage of this attack: • Intruder (I) may want to use a Replay attack on the server Sj, which will not succeed because of the resistance of this model against this attack • In the latter case, intruder (I) can create artificial messages {Q i ,R 1 ′,R 2 ′,R 3 ′} or {A 1 }using a random and single-use value N I : . The attempt of intruder (I) will fail because these messages cannot be calculated, as a result of the following reasons: 1. Intruder (I) is not able to calculate the messages A 1 ′ and R 1 ′ because there is a need to know the MPSK j value and this also requires that intruder (I) knows the values of SRVID j and N j which is virtually impossible 2. Intruder (I) cannot calculate the message R 2 ′.
Because X 1 and M i information is required to calculate R 2 ′. X 1 basically contains ID i which intruder (I) does not actually know, as well as the value of M i is protected by the values of T r , ID i , MPSK j and N i and thus the calculation of R 2 ′ message is practically impossible for intruder (I) 3. Intruder (I) also cannot calculate the R 3 ′ message. To calculate R 3 ′ just like R 2 ′, intruder (I) needs to know X 1 and M i , which is practically impossible 4. Also, intruder (I) is not able to get the message M i . To calculate the value of M i from the message O i , intruder (I) should know the value of K 1 , which is protected by the values of BID i and N i and if it is desired to calculate it directly, it is much harder because the values of ID i , MPSK j , T r and N i should be obtained. This is also impossible

Server Spoofing Attack
Under this attack, intruder (I) can be replaced with the server S j . This is actually impossible because in this model, the server S j is always authenticated through the SSL/TLS protocol and in this process the server S j provides DCERT j and MPSK j values which, as stated above, the MPSK j value is completely secure against this attack. The DCERT j component is in fact a digital certificate that the server S j provides to the CA server and it's impossible to rebuild it. Even after these stages, also calculating and transmitting the messages A 1 , A i and A 2 can lead to the safe calculation of the secret key as well as the authentication of the parties, which makes it even more difficult to perform. However, if this impossible assumption becomes possible, it will still not be possible for intruder (I) to complete the login and authentication processes: • When the user U i sends the login request {Q i ,R 1 ′,R 2 ′,R 3 ′} to the server S j , intruder (I) takes this message when sending, which is R 1 ′ = N k ′ ⊕ HF3(MPSK j ), R 2 ′ = HF3(M i ||N k ′) and R 3 ′ = HF3(X 1 ||M i ||N k ). Intruder (I) can resend the combined message {R 4 } in {Q i ,R 1 ′,R 2 ′,R 3 ′} when replying to the received message. In this case, intruder (I) will not succeed because the R 4 message contains N l value that was previously used and naturally N l ≠ N 1 ′ • In the latter case, intruder (I) tries to make the message R 4 ′. In order to make this message, intruder (I) needs to know the values of X 1 and N k ′ that it is impossible and thus intruder (I) is not able to calculate the R 4 ′ message

Mutual Authentication
The model presented in this study supports mutual authentication in all phases. Generally, in this model, first the server is authenticated on the basis of PKI infrastructure and the X.509 standard and then on the user's login and authentication phase, the user U i is authenticated. But in each phase, authentication is also performed when transmitting messages. In the server authentication phase, after providing {DCERT j , MPSK j } identifiers when transmitting {A 1 ,A i ,A 2 } messages, both the user and server are authenticated and this is done by nonce values, the server ID, the shared key and the secret key calculation in both sides. Also, in the login and authentication phase, the user U i identity and server S j are re-evaluated by exchanging messages {Q i ,R 1 ,R 2 ,R 3 }, {R 4 } and {K 1 ,R 5 ,R 6 }. Therefore, this model fully supports Mutual Authentication.

Secrecy of the Known Key
Assuming that the SSKuisj key between the server S j and user U i has been gotten by intruder (I). But the SSKuisj key does not disclose any information from other connections between the user U i and server S j : • Each SSKuisj secret key has been created using SHA-3 hash function, which has a high resistance to Collision, Preimage and 2nd Preimage attacks. Therefore, no information can be obtained from inside • Also, each SSKuisj secret key is made using variable components of MPSK j , A i , N x and N y , each with different values Therefore, no information about other connections between the server S j and user U i is disclosed and as a result, this model supports the Known Key Secrecy.

Forward Secrecy
Intruder (I) can calculate the SSKuisj session key by parameters A i , N x , N y and MPSK j . But this is impossible for intruder (I) because: • In order to calculate SSKuisj key, the value of A i is required. This value is always hidden against intruder (I) and protected by the values of N x and N y • Also, in order to calculate the SSKuisj key, N x and N y values are required which intruder (I) cannot calculate because they are single-use and do change in each connection • Finally, intruder (I) needs to calculate the SSKuisj key to know the MPSK j value, which is virtually impossible, since this value is also generated using N j and SRVID j Therefore, the authentication model fully supports the Forward Secrecy.

Randomly and Temporary Information Attack
The attack also stems precisely from the lack of Forward Secrecy, which means that intruder (I) tries to make SSKuisj using N x , N y , A i and MPSK j values. But this is impossible because the values of N x and N y are always hidden and even if we assume that these two values are at the hand of intruder (I), the MPSK j value is still hidden and protected by the SHA-3 hash function and the values of N j and SRVID j . N x and Ny values are also protected by the SHA-3 hash function and their value changes in each connection. In addition, they are single-use. So the likelihood of the attack is also lost.

Agreement and Verification on the Session Key
It is important to note that the key SSKuisj = HF3(MPSK j ||DCERT j ||A i ||N x ||N y ) is always calculated between the user U i and server S j and is not transmitted at all. Also, to calculate this key, its components are always verified by both the user and server. Therefore, Session Key Agreement and Verification is fully supported.

User and Computer Isolation Based on Hardware-Software and Iriscode Identifiers
The capability that distinguishes this authentication model from other models is the use of hardware and software identifiers. Using these identifiers, each user can only log in to the E-learning system through a computer system at the same time and if he wants to enter instead of several people, it will not be available to him through the biometric characteristic as well as hardware and software characteristics. Because his hardware and software characteristics are assigned only once each time. Also, the biometric characteristic will not allow it. Even if several students are willing to perform the biometric authentication, they will not be able to log into the E-learning system through a computer system by assigning hardware and software characteristics as well. Therefore, the model under discussion completely supports this new capability.

Secure Passwordless Scheme
Another unique capability of this model is that there is no need for a password. Passwords may be forgotten, taken, or stolen. But the biometric characteristic does not have these weaknesses and because the model presented in this study uses the Iris biometric characteristic, so this authentication model is in fact the most precise and safest method of authentication.

Efficient SSO Capability
Given that the discussed authentication model uses the sharing key that all servers previously shared among themselves, this model fully supports single authentication.

Assess the Authentication Model using the AVISPA simulator
This section assessed the authentication model using AVISPA simulator. The assessment uses AVISPA and OFMC is the component of the model implementation for performing security or back-end simulations. This assessment is also carried out in the form of two scenarios. The first scenario is, in fact, the first part of the authentication model that acts on the basis of the SSL/TLS protocol, while the second scenario entails enrollment, login and authentication of the user.

Scenario 1: Assess the First Part of the Authentication Model
This section is actually based on how the SSL/TLS protocol works. Given that the SSL/TLS protocol is a security protocol for the server authentication, this is a structure for the secure key transfer and mutual authentication during the key transfer.
Also, another goal of this phase is, in fact, to secure the transfer of the share key of the S j server, because this key plays an important role in the second phase and essentially the SSO capability is achieved using this key.
The SSL/TLS protocol by AVISPA is also considered as a secure protocol and its security has been proven according to the simulated codes of this protocol (AVISPA, 2014a) (Fig. 10a, 10b, 11a and 11b). Generally, each model consists of five parts, the client and connections, the server and its connections, the definition of the connection channels, the intruder or attacker and, finally, the protocol objectives, of course WMF protocols have 6 parts because there is also an interface server.

Scenario 2: Assess the Second Part of the Authentication Model
Based on Figures 10 and 11, the first part of the authentication model is completely safe with respect to the simulation result in the software AVISPA. Now, the second part of the authentication model is assessed. Also based on the Fig. 12a, 12b, 13a and 13b, all parts of this authentication model based on hardware-software identifiers are completely secure. The security of this model was also proven by both the security assumptions and software AVISPA simulation. Therefore, this model or authentication protocol can be used to secure electronic learning connection. Of course, considering that the E-learning system is considered as one of the information systems, this protocol can be used to secure other similar information systems. This model could also be used for most web-based services, as it is fully compatible with the SSL/TLS protocol and moreover it provides high security for web-based services.   alice_bob_sskuisj, comp1, comp2, comp3, comp4, comp5

Assess the Authentication Model in Terms of Execution Times
In this section, the authentication model presented in this study is assessed from the perspective of execution time. This assessment is based on the number of functions and operations used in the model. According to Table 4, the types of parametric execution times are divided into 7 categories.
Also, according to Table 5, the approximate execution time of public key algorithms, digital signatures, secret keys and hash functions are presented in order to compare the algorithms relatively (Chuang and Chen, 2014).
According to the data presented in this section, in order to calculate the execution time of this model, in general the number of algorithms and hash functions are counted in all phases. According to Table 6 and 7, it can be said that the proposed model has a very good function. Given that the discussed model is used in remote scenarios, so the presence of exponential operations resulting from the public key encryption operations and the secret key encryption operations is not only justifiable, but also absolutely necessary. In all similar models, the authentication operations are performed on internal or intranet networks and/or in nearby scenarios such as ATMs. Thus, there is no need for the presence of the public and secret key encryption operations. Therefore, according to the obtained result, it can be said that the proposed model has quite a good performance in all phases of the authentication.  const ui, sj: agent, ka, kb, ki: public_key, hf3, xor, keygen: function, alice_bob_nx, bob_alice_ny, alice_bob_sskuisj, comp1, comp2, comp3, comp4, comp5: protocol_id intruder_knowledge = {ui, sj, ka, kb, ki, inv(ki), hf3, xor} composition session(ui, sj, ka, kb, hf3, xor, keygen) /\ session (ui, i, ka, ki, hf3, xor, keygen) /\ session (i, sj, ki, kb, hf3, xor, keygen)     It should be noted that 6 exponential execution times and 8 execution times of the hash function in the server authentication phase are related to the SSL/TLS protocol and is not a part of the presented authentication model. But given that it has been used in this model, they have also been mentioned. Another point is that the execution time is not considered for the server enrollment phase, as there are different methods and protocols for this purpose, as well as this phase is rarely done and its execution time is not considered according to the interval of doing it, which is usually each year or every 2 years.

Compare the Proposed Model with Other Models in Terms of the Security and Functional Capabilities
In this section, we compare the model presented in this study with other models in terms of security and function capabilities. According to Table 8 : User anonymity, SFF2: Insider attack, SFF3: Password guessing attack, SFF4: Maintaining performance and security on the internet and web services, SFF5: Denial of service attack, SFF6: Known session key attack, SFF7: User impersonation attack, SFF8: Server spoofing attack, SFF9: MitM attack, SFF10: Replay attack, SFF11: Mutual authentication,SFF12: Efficient SSO capability, SFF13: Session key agreement and verification, SFF14: Using randomly generated and onetime use values, SFF15: User and computer isolation based on hardware-software identifiers, SFF16: Secure passwordless scheme     (Zivi et al., 2017a), (Chuang and Chen, 2014) and (Chaudhry et al., 2016) for proposed model and other methods Models Execution times (Microsecond) Improvement of proposed method (%) Kim et al. (2012) 20237.0 67.09 Yoon and Yoo (2013) 20237.0 67.09 Chuang and Chen (2014) 11357.9 −6.22 Mishra et al. (2014) 11376.1 −6.07 Amin et al. (2015) 35853 . Kim et al., Yoon and Yoo, Chuang and Chen, Mishra et al. and Amin et al. models, five IKEv2 operations for acquiring the same result is considered. This five IKEv2 operation is for client side configuration: (1) request from the server for client side configuration, (2) respond from the user for applying this configuration, (3) sending configuration script or algorithm for receiving validation message, (4) sending system-level execution permission and (5) sending configuration result. Also the IKEv2 task processing time choose from our previous research. This value is average of task processing time in 10%, 30% and 50% of background traffic in 3 states of evaluation (Zivi et al., 2017a) Also Table 9 shows the Security and functional features improvements in percent for proposed model in comparison to other models. To calculate the security percentage of each method, (second column of Table 9), considering 16 security components with a security percentage of 100 (proposed method), with assuming that the security components have an equal importance (Table 8), each security component has a 6.25% impact on overall security. Therefore, based on the third column of Table 9, to calculate the security percentage of each method, the number of security components is multiplied by 6.25% and the second column of Table 9 is created.

Compare the Model Presented with Other Models in Terms of the Execution Time
In this section, we compare the model discussed with other models from the perspective of execution times. Given that the discussed model consists of 4 parts of the server enrollment, server authentication, user enrollment, user login and authentication of the user, so in each section, the numbers of operations performed with other models were compared.
According to Table 10 and 11, the discussed model has a desired and acceptable function. As stated above, the model presented in this study has been designed to secure the E-learning system connection; given that the connection of an E-learning system is done through the Internet connection platform, so not only the presence of the public and secret key encryption operations is justified, but also it is even necessary. It is also worth mentioning that the models of (Kim et al., 2012), (Yoon and Yoo, 2013), (Chuang and Chen, 2014) and (Amin et al., 2015) had security and structural weaknesses and the model of (Mishra et al., 2014) also does not support the user isolation capabilities and Passwordless Scheme. All similar models have been designed to secure the connection of internal networks such as intranets and nearby connection scenarios such as ATMs and naturally do not require the public and secret key encryption operations. Therefore, the performance of the model under consideration is at an acceptable level according to the conducted investigations.

Conclusion
There are a few points to make when using this model. These points are completely related to the model implementation and do not relate to the theoretical issues of this authentication model: 1. Due to the widespread adoption of the TLS 1.2 protocol, there are few scenarios that may still use SSL version 3.0 or earlier for the connections' security. However, if you use SSL version 3.0, it should be noted that this version has security vulnerabilities. Of course, by using the solution provided by (Joshi et al., 2009), the vulnerability can be greatly eliminated 2. Also, when setting up a SSL/TLS protocol service, it is best to consider the following points to ensure the best results. When a CA server issues a certificate based on the DNS structure, there is a series of rules in relation to the issued certificate (Hodges, 2011): • The certificate should include DNS-ID for interoperability • If a service using a certificate has expanded the technology used for related applications, then the certificate should contain a field called the SRV-ID • If a service using a certificate has expanded the technology used for related applications, then the certificate should have a field called URI-ID • The certificate may contain applications whose type has been defined before the server name is published, or it may be that the application has a type in which related URI does not exist. Under such conditions, this falls outside the scope of the certificate debate As its clear, all of the reviewed models such as: (Kim et al., 2012), (Yoon and Yoo, 2013), (Chuang and Chen, 2014) and (Amin et al., 2015) and (Mishra et al., 2014), has security flaws and performance issues that shown in Table 8-11. The authentication model presented in this research provides complete security for an E-learning and similar Information systems or many web services. The function of this model is also very acceptable. But the point is that there are some things to be improved.
Also based on Tables 9 and 11, the proposed model has 32.50% improvement in security and 63.58% improvement in execution time averagely in comparison with five newest methods. Therefore the proposed model completely satisfies all security and performance requirements of E-learning and all information systems and web services.
In general, the authentication model presented in this study has a complete security and very good function in the context of the safety of connections of the E-learning system, which if implemented, in addition to the integrated security of the system; the function will be maintained at an acceptable level. There is an important thing about performance and security of the Authentication model and that is to maintain the balance between these two very important characteristics obtained in this model using optimized and efficient structures and algorithms.