A Provably Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment

With the ever increasing adoption rate of Internet-enabled devices [also known as Internet of Things (IoT) devices] in applications such as smart home, smart city, smart grid, and healthcare applications, we need to ensure the security and privacy of data and communications among these IoT devices and the underlying infrastructure. For example, an adversary can easily tamper with the information transmitted over a public channel, in the sense of modification, deletion, and fabrication of data-in-transit and data-in-storage. Time-critical IoT applications such as healthcare may demand the capability to support external parties (users) to securely access IoT data and services in real-time. This necessitates the design of a secure user authentication mechanism, which should also allow the user to achieve security and functionality features such as anonymity and un-traceability. In this paper, we propose a new lightweight anonymous user authenticated session key agreement scheme in the IoT environment. The proposed scheme uses three-factor authentication, namely a user’s smart card, password, and personal biometric information. The proposed scheme does not require the storing of user specific information at the gateway node. We then demonstrate the proposed scheme’s security using the broadly accepted real-or-random (ROR) model, Burrows–Abadi–Needham (BAN) logic, and automated validation of Internet security protocols and applications (AVISPAs) software simulation tool, as well as presenting an informal security analysis to demonstrate its other features. In addition, through our simulations, we demonstrate that the proposed scheme outperforms existing related user authentication schemes, in terms of its security and functionality features, and computation costs.

[1]  Johannes A. Buchmann,et al.  Introduction to Cryptography , 2001 .

[2]  Jung Hee Cheon,et al.  A Reusable Fuzzy Extractor with Practical Storage Size: Modifying Canetti et al.'s Construction , 2018, ACISP.

[3]  Athanasios V. Vasilakos,et al.  On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC , 2018, Int. J. Commun. Syst..

[4]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[5]  Willy Susilo,et al.  Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment , 2020, IEEE Transactions on Dependable and Secure Computing.

[6]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[7]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[8]  Sherali Zeadally,et al.  Taxonomy and analysis of security protocols for Internet of Things , 2018, Future Gener. Comput. Syst..

[9]  R. C. Mittal,et al.  Dynamic ID-based remote user password authentication schemes using smart cards: A review , 2012, J. Netw. Comput. Appl..

[10]  Debiao He,et al.  Anonymous two-factor authentication for consumer roaming service in global mobility networks , 2013, IEEE Transactions on Consumer Electronics.

[11]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[12]  Jianfeng Ma,et al.  An Efficient Ticket Based Authentication Protocol with Unlinkability for Wireless Access Networks , 2014, Wireless Personal Communications.

[13]  Jiguo Yu,et al.  A Privacy Preserving Communication Protocol for IoT Applications in Smart Homes , 2016, 2016 International Conference on Identification, Information and Knowledge in the Internet of Things (IIKI).

[14]  Wenting Li,et al.  Cryptanalysis and Security Enhancement of Three Authentication Schemes in Wireless Sensor Networks , 2018, Wirel. Commun. Mob. Comput..

[15]  Xuemin Shen,et al.  A Lightweight Encryption Scheme for Network-Coded Mobile Ad Hoc Networks , 2014, IEEE Transactions on Parallel and Distributed Systems.

[16]  Mauro Conti,et al.  Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks , 2018, IEEE Internet of Things Journal.

[17]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[18]  Victor I. Chang,et al.  A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment , 2018, Future Gener. Comput. Syst..

[19]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[20]  Andrei V. Gurtov,et al.  Two-phase authentication protocol for wireless sensor networks in distributed IoT applications , 2014, 2014 IEEE Wireless Communications and Networking Conference (WCNC).

[21]  Christof Paar,et al.  Introduction to Cryptography and Data Security , 2010 .

[22]  Prosanta Gope,et al.  A Realistic Lightweight Anonymous Authentication Protocol for Securing Real-Time Application Data Access in Wireless Sensor Networks , 2016, IEEE Transactions on Industrial Electronics.

[23]  Kefei Chen,et al.  An Efficient Key-Management Scheme for Hierarchical Access Control in E-Medicine System , 2012, Journal of Medical Systems.

[24]  Samiran Chattopadhyay,et al.  Provably Secure Fine-Grained Data Access Control Over Multiple Cloud Servers in Mobile Cloud Computing Based Healthcare Applications , 2019, IEEE Transactions on Industrial Informatics.

[25]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[26]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[27]  Wei Ni,et al.  Anatomy of Threats to the Internet of Things , 2019, IEEE Communications Surveys & Tutorials.

[28]  Michael Gerndt,et al.  Wireless sensors networks for Internet of Things , 2016, 2014 IEEE Ninth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP).

[29]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[30]  Li Jun,et al.  Smart Home System Based on IOT Technologies , 2013, 2013 International Conference on Computational and Information Sciences.

[31]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[32]  Kim-Kwang Raymond Choo,et al.  An untraceable and anonymous password authentication protocol for heterogeneous wireless sensor networks , 2017, J. Netw. Comput. Appl..

[33]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[34]  Xiong Li,et al.  Provably secure user authentication and key agreement scheme for wireless sensor networks , 2016, Secur. Commun. Networks.

[35]  Cheng-Chi Lee,et al.  An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System , 2017, Sensors.

[36]  Athanasios V. Vasilakos,et al.  Design and analysis of authenticated key agreement scheme in cloud-assisted cyber-physical systems , 2020, Future Gener. Comput. Syst..

[37]  Nai-Wei Lo,et al.  A Lightweight Continuous Authentication Protocol for the Internet of Things , 2018, Sensors.

[38]  Yongzhuang Wei,et al.  A Novel Wireless Authentication Protocol Preserving User Anonymity and Untraceability , 2006, 2006 International Conference on Communication Technology.

[39]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[40]  Jorge Sá Silva,et al.  Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues , 2015, IEEE Communications Surveys & Tutorials.

[41]  Cheng-Chi Lee,et al.  Towards secure authenticating of cache in the reader for RFID-based IoT systems , 2018, Peer-to-Peer Netw. Appl..

[42]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[43]  Sheetal Kalra,et al.  Secure multi‐factor remote user authentication scheme for Internet of Things environments , 2017, Int. J. Commun. Syst..

[44]  Sheila Frankel,et al.  The AES-CBC Cipher Algorithm and Its Use with IPsec , 2003, RFC.

[45]  Eun-Jun Yoon,et al.  Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications , 2017, IEEE Access.

[46]  Mauro Conti,et al.  Provably Secure Authenticated Key Agreement Scheme for Smart Grid , 2018, IEEE Transactions on Smart Grid.

[47]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[48]  Xiong Li,et al.  A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments , 2018, J. Netw. Comput. Appl..

[49]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[50]  Mohamed Amine Ferrag,et al.  Authentication Protocols for Internet of Things: A Comprehensive Survey , 2016, Secur. Commun. Networks.

[51]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.