Secure authentication scheme for IoT and cloud servers

The Internet of Things (IoT) is an emerging platform in which information and communication technology connects multiple embedded devices to the Internet so that they can exchange information. Owing to the immense development of this technology, embedded devices are becoming more sophisticated every day and are being deployed in various arenas of life. An important advancement in today's technology is the ability to connect such devices to large resource pools such as the cloud. Integrating embedded devices with cloud servers gives IoT wide applicability in many commercial as well as government sectors. However, security concerns such as authentication and data privacy of these devices play a fundamental role in the successful integration of these two technologies. Elliptic Curve Cryptography (ECC) based algorithms give better security solutions than other Public Key Cryptography (PKC) algorithms because of their small key sizes and efficient computations. In this paper, a secure ECC-based mutual authentication protocol for communication between embedded devices and cloud servers using Hypertext Transfer Protocol (HTTP) cookies is proposed. The proposed scheme achieves mutual authentication and provides essential security requirements. The security analysis of the proposed protocol proves that it is robust against multiple security attacks. The formal verification of the proposed protocol is performed using the AVISPA tool, which confirms its security in the presence of a possible intruder.
