An Enhanced Lightweight IoT-based Authentication Scheme in Cloud Computing Circumstances

With the rapid deployment of the Internet of Things and cloud computing, it is necessary to enhance authentication protocols to reduce attacks and security vulnerabilities which affect the correct performance of applications. In 2019 a new lightweight IoT-based authentication scheme in cloud computing circumstances was proposed. According to the authors, their protocol is secure and resists very well-known attacks. However, when we evaluated the protocol we found some security vulnerabilities and drawbacks, making the scheme insecure. Therefore, we propose a new version considering login, mutual authentication and key agreement phases to enhance the security. Moreover, we include a sub-phase called evidence of connection attempt which provides proof about the participation of the user and the server. The new scheme achieves the security requirements and resists very well-known attacks, improving previous works. In addition, the performance evaluation demonstrates that the new scheme requires less communication-cost than previous authentication protocols during the registration and login phases.

[1]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[2]  Ahmed Serhrouchni,et al.  A Survey of Internet of Things (IoT) Authentication Schemes † , 2019, Sensors.

[3]  Kuldip Singh,et al.  A secure dynamic identity based authentication protocol for multi-server architecture , 2011, J. Netw. Comput. Appl..

[4]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[5]  Xinyu Yang,et al.  A Survey on the Edge Computing for the Internet of Things , 2018, IEEE Access.

[6]  Tzonelih Hwang,et al.  Non-interactive password authentications without password tables , 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings.

[7]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[8]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[9]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[10]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[11]  Jian Shen,et al.  An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment , 2017, J. Netw. Comput. Appl..

[12]  Mohammed Atiquzzaman,et al.  Interoperability in Internet of Things: Taxonomies and Open Challenges , 2018, Mobile Networks and Applications.

[13]  Sneha A. Dalvi,et al.  Internet of Things for Smart Cities , 2017 .

[14]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[15]  Victor I. Chang,et al.  A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment , 2018, Future Gener. Comput. Syst..

[16]  Chin-Teng Lin,et al.  Edge of Things: The Big Picture on the Integration of Edge, IoT and the Cloud in a Distributed Computing Environment , 2018, IEEE Access.

[17]  Ping Wang,et al.  Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound , 2018, IEEE Transactions on Dependable and Secure Computing.

[18]  R. C. Mittal,et al.  Dynamic ID-based remote user password authentication schemes using smart cards: A review , 2012, J. Netw. Comput. Appl..

[19]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[20]  Jianfeng Ma,et al.  User centric three‐factor authentication protocol for cloud‐assisted wearable devices , 2018, Int. J. Commun. Syst..

[21]  Ruhul Amin,et al.  A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks , 2016, Ad Hoc Networks.

[22]  Mohamed Amine Ferrag,et al.  Authentication Protocols for Internet of Things: A Comprehensive Survey , 2016, Secur. Commun. Networks.

[23]  Chao Yang,et al.  Efficient end-to-end authentication protocol for wearable health monitoring systems , 2017, Comput. Electr. Eng..

[24]  Wei Xiang,et al.  Internet of Things for Smart Healthcare: Technologies, Challenges, and Opportunities , 2017, IEEE Access.

[25]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[26]  Insup Lee,et al.  Intelligent and Dynamic Ransomware Spread Detection and Mitigation in Integrated Clinical Environments , 2019, Sensors.

[27]  Lu Zhou,et al.  Lightweight IoT-based authentication scheme in cloud computing circumstance , 2019, Future Gener. Comput. Syst..

[28]  Rafael Martínez-Peláez,et al.  EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME WITH SESSION KEY AGREEMENT FOR MULTI -SERVER ENVIRONMENT , 2010 .

[29]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[30]  Min Chen,et al.  A Survey on Internet of Things From Industrial Market Perspective , 2015, IEEE Access.

[31]  Dongho Won,et al.  Security Improvement on a Dynamic ID-Based Remote User Authentication Scheme with Session Key Agreement for Multi-server Environment , 2012 .

[32]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[33]  Athanasios V. Vasilakos,et al.  Design and analysis of authenticated key agreement scheme in cloud-assisted cyber-physical systems , 2020, Future Gener. Comput. Syst..