Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment

Due to the widespread popularity of Internet-enabled devices, Industrial Internet of Things (IIoT) becomes popular in recent years. However, as the smart devices share the information with each other using an open channel, i.e., Internet, so security and privacy of the shared information remains a paramount concern. There exist some solutions in the literature for preserving security and privacy in IIoT environment. However, due to their heavy computation and communication overheads, these solutions may not be applicable to wide category of applications in IIoT environment. Hence, in this paper, we propose a new biometric-based privacy preserving user authentication (BP2UA) scheme for cloud-based IIoT deployment. BP2UA consists of strong authentication between users and smart devices using preestablished key agreement between smart devices and the gateway node. The formal security analysis of BP2UA using the well-known real-or-random model is provided to prove its session key security. Moreover, an informal security analysis of BP2UA is also given to show its robustness against various types of known attacks. The computation and communication costs of BP2UA in comparison to the other existing schemes of its category demonstrate its effectiveness in the IIoT environment. Finally, the practical demonstration of BP2UA is also done using the NS2 simulation.

[1]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[2]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[3]  Ted H. Szymanski,et al.  Strengthening security and privacy in an ultra-dense green 5G Radio Access Network for the industrial and tactile Internet of Things , 2017, 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC).

[4]  Begnaud Francis Hildebrand,et al.  Introduction to numerical analysis: 2nd edition , 1987 .

[5]  Igor Bisio,et al.  Speaker Recognition Exploiting D2D Communications Paradigm: Performance Evaluation of Multiple Observations Approaches , 2017, Mob. Networks Appl..

[6]  Joel J. P. C. Rodrigues,et al.  Secure Three-Factor User Authentication Scheme for Renewable-Energy-Based Smart Grid Environment , 2017, IEEE Transactions on Industrial Informatics.

[7]  Athanasios V. Vasilakos,et al.  Secure Biometric-Based Authentication Scheme Using Chebyshev Chaotic Map for Multi-Server Environment , 2018, IEEE Transactions on Dependable and Secure Computing.

[8]  Muhammad Bilal,et al.  An Authentication Protocol for Future Sensor Networks , 2017, Sensors.

[9]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[10]  Muhammad Khurram Khan,et al.  Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks , 2016, Comput. Networks.

[11]  Samiran Chattopadhyay,et al.  Chaotic Map-Based Anonymous User Authentication Scheme With User Biometrics and Fuzzy Extractor for Crowdsourcing Internet of Things , 2018, IEEE Internet of Things Journal.

[12]  Eun-Jun Yoon,et al.  Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications , 2017, IEEE Access.

[13]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[14]  Ashok Kumar Das,et al.  Robust Anonymous Mutual Authentication Scheme for n-Times Ubiquitous Mobile Cloud Computing Services , 2017, IEEE Internet of Things Journal.

[15]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[16]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[17]  Jiguo Yu,et al.  A Privacy Preserving Communication Protocol for IoT Applications in Smart Homes , 2016, 2016 International Conference on Identification, Information and Knowledge in the Internet of Things (IIKI).

[18]  Arnold Neumaier,et al.  Introduction to Numerical Analysis , 2001 .

[19]  Jianhua Chen,et al.  Certificateless Searchable Public Key Encryption Scheme for Industrial Internet of Things , 2018, IEEE Transactions on Industrial Informatics.

[20]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[21]  Athanasios V. Vasilakos,et al.  A Novel Authentication and Key Agreement Scheme for Implantable Medical Devices Deployment , 2018, IEEE Journal of Biomedical and Health Informatics.

[22]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[23]  Yasir Saleem,et al.  Network Simulator NS-2 , 2015 .

[24]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[25]  Igor Bisio,et al.  Performance analysis of smart audio pre-processing for noise-robust text-independent speaker recognition , 2017, 2017 IEEE Global Conference on Signal and Information Processing (GlobalSIP).

[26]  Sherali Zeadally,et al.  Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks , 2017, IEEE Access.

[27]  Chin-Chen Chang,et al.  An Untraceable Biometric-Based Multi-server Authenticated Key Agreement Protocol with Revocation , 2016, Wirel. Pers. Commun..

[28]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[29]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[30]  Kirti Kamthe,et al.  Enhanced Three-Factor Security Protocol For Consumer USB Mass Storage Devices , 2017 .

[31]  Rajeev Shorey,et al.  Efficient device-to-device association and data aggregation in industrial IoT systems , 2017, 2017 9th International Conference on Communication Systems and Networks (COMSNETS).

[32]  Victor I. Chang,et al.  A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment , 2018, Future Gener. Comput. Syst..

[33]  Tony Q. S. Quek,et al.  Lightweight and Practical Anonymous Authentication Protocol for RFID Systems Using Physically Unclonable Functions , 2018, IEEE Transactions on Information Forensics and Security.

[34]  Igor Bisio,et al.  Smart and Robust Speaker Recognition for Context-Aware In-Vehicle Applications , 2018, IEEE Transactions on Vehicular Technology.

[35]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[36]  Mohamed Amine Ferrag,et al.  Authentication Protocols for Internet of Things: A Comprehensive Survey , 2016, Secur. Commun. Networks.

[37]  Moti Yung,et al.  Perfectly Secure Key Distribution for Dynamic Conferences , 1992, Inf. Comput..

[38]  Ronald L. Rivest,et al.  Responses to NIST's proposal , 1992, CACM.

[39]  Abdelhamid Belmekki,et al.  Privacy Preservation in the Internet of Things , 2016, UNet.

[40]  Saru Kumari,et al.  An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment , 2016, Ad Hoc Networks.