A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments

The Internet of Things (IoT) is being applied to various environments such as telecare systems, smart homes, and intelligent transportation systems. The information generated by IoT devices is stored at remote servers, and external users authenticate to the server to request access to the stored data. In IoT environments, the authentication process must be efficient and secure against various attacks, and it must ensure user anonymity and untraceability so that the network remains sustainable. However, many existing protocols proposed for IoT environments do not meet these requirements. Recently, Rajaram et al. proposed a pairing-based user authentication scheme. We found that the Rajaram et al. scheme is vulnerable to various attacks such as offline password guessing, impersonation, privileged insider, and known session-specific temporary information attacks. Additionally, because their scheme uses bilinear pairing, it incurs high computation and communication costs. In this study, we propose a novel authentication scheme that resolves these security problems. The proposed scheme uses only hash and exclusive-or operations so that it is applicable in IoT environments. We analyze the proposed protocol using informal analysis and formal analysis methods such as BAN logic, the real-or-random (ROR) model, and AVISPA simulation, and we show that the proposed protocol has better security and performance compared with existing authentication protocols. Consequently, the proposed protocol is sustainable and suitable for real IoT environments.
