An improved authentication scheme for Internet of things

Designing a secure authentication scheme is of great importance to the practical applications of the Internet of Things (IoT). In 2017, Wang et al. proposed an improved mutual authentication scheme for the embedded devices and a server over Kalra et al.'s and Chang et al.'s. And they provided a formal proof for their scheme. However, their scheme is still insecure and cannot resist against key compromise impersonation (KCI) attack. In the paper, we first demonstrate the shortcoming of Wang et al.'s scheme, and then we carry out an improvement over Wang et al.'s scheme to address the revealed issue by using an auxiliary server.

[1]  Ping Wang,et al.  Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity , 2015, Inf. Sci..

[2]  Xianbin Wang,et al.  A Collaborative PHY-Aided Technique for End-to-End IoT Device Authentication , 2018, IEEE Access.

[3]  Theodore Tryfonas,et al.  The Internet of Things: a security point of view , 2016, Internet Res..

[4]  Jan Camenisch,et al.  Two-Server Password-Authenticated Secret Sharing UC-Secure Against Transient Corruptions , 2015, Public Key Cryptography.

[5]  Biplab Sikdar,et al.  Mutual Authentication in IoT Systems Using Physical Unclonable Functions , 2017, IEEE Internet of Things Journal.

[6]  Vern Paxson,et al.  The Matter of Heartbleed , 2014, Internet Measurement Conference.

[7]  Weisong Shi,et al.  On security challenges and open issues in Internet of Things , 2018, Future Gener. Comput. Syst..

[8]  Chonho Lee,et al.  A Wavelet Entropy-Based Change Point Detection on Network Traffic: A Case Study of Heartbleed Vulnerability , 2014, 2014 IEEE 6th International Conference on Cloud Computing Technology and Science.

[9]  Zhi Chen,et al.  A lightweight attribute-based encryption scheme for the Internet of Things , 2015, Future Gener. Comput. Syst..

[10]  Minh-Triet Tran,et al.  Improvement of the More Efficient and Secure ID-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on ECC , 2012, 2012 26th International Conference on Advanced Information Networking and Applications Workshops.

[11]  Chih-Ming Hsiao,et al.  A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol , 2014, Ad Hoc Networks.

[12]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[13]  Ali GhaffarianHoseini,et al.  The essence of future smart houses: from embedding ICT to adapting to sustainability principles , 2013 .

[14]  Chin-Chen Chang,et al.  Notes on "Secure authentication scheme for IoT and cloud servers" , 2017, Pervasive Mob. Comput..

[15]  Chien-Ming Chen,et al.  A secure authentication scheme for Internet of Things , 2017, Pervasive Mob. Comput..

[16]  Sheetal Kalra,et al.  Secure authentication scheme for IoT and cloud servers , 2015, Pervasive Mob. Comput..

[17]  Bo Hu,et al.  A Vision of IoT: Applications, Challenges, and Opportunities With China Perspective , 2014, IEEE Internet of Things Journal.

[18]  Hicham Lakhlef,et al.  Internet of things security: A top-down survey , 2018, Comput. Networks.

[19]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[20]  Yuehong Yin,et al.  The internet of things in healthcare: An overview , 2016, J. Ind. Inf. Integr..

[21]  Donghui Wang,et al.  IBS enabled authentication for IoT in ION framework , 2017, 2017 Global Internet of Things Summit (GIoTS).

[22]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[23]  Subbarayan Venkatesan,et al.  Authentication of IoT Device and IoT Server Using Secure Vaults , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[24]  Ping Wang,et al.  On the Challenges in Designing Identity-Based Privacy-Preserving Authentication Schemes for Mobile Devices , 2018, IEEE Systems Journal.

[25]  Dongxi Liu,et al.  Lightweight Mutual Authentication for IoT and Its Applications , 2017, IEEE Transactions on Sustainable Computing.