On the design of biometric-based user authentication protocol in smart city environment

Abstract Among the security services, like authentication, access control, key management and intrusion detection, user authentication is very much needed for a smart city environment because an external authorized user may require the real time data to be accessed directly from the deployed Internet of Things (IoT) enabled smart devices. Using the established session key between the user and an access smart device though mutual authentication and key agreement process, the real time data can be securely accessed. To deal with this issue, we propose a new user authentication scheme in smart city environment using three factors of a legal registered user (mobile device, password and biometrics). The proposed scheme is shown to be robust against a number of potential attacks needed in an IoT-based smart city deployment. The simulation study for formal security verification using the widely-accepted “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool demonstrates that the proposed scheme is also secure. Furthermore, experiments on various cryptographic primitives have been carried out using “MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library” under both server and Raspberry PI 3 settings. Finally, a comprehensive comparative analysis shows the effectiveness and better security of the proposed scheme as compared with other state of art user authentication schemes.

[1]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[2]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[3]  Dengzhi Liu,et al.  Secure Real-Time Traffic Data Aggregation With Batch Verification for Vehicular Cloud in VANETs , 2020, IEEE Transactions on Vehicular Technology.

[4]  Joel J. P. C. Rodrigues,et al.  Secure Three-Factor User Authentication Scheme for Renewable-Energy-Based Smart Grid Environment , 2017, IEEE Transactions on Industrial Informatics.

[5]  Mohsen Guizani,et al.  Smart Cities: A Survey on Data Management, Security, and Enabling Technologies , 2017, IEEE Communications Surveys & Tutorials.

[6]  Vanga Odelu,et al.  Design of Lightweight Authentication and Key Agreement Protocol for Vehicular Ad Hoc Networks , 2017, IEEE Access.

[7]  Xiong Li,et al.  A Secure Three-Factor User Authentication Protocol With Forward Secrecy for Wireless Medical Sensor Network Systems , 2020, IEEE Systems Journal.

[8]  Victor I. Chang,et al.  Computationally efficient privacy preserving anonymous mutual and batch authentication schemes for vehicular ad hoc networks , 2018, Future Gener. Comput. Syst..

[9]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[10]  Muhammad Khurram Khan,et al.  A robust and anonymous patient monitoring system using wireless medical sensor networks , 2018, Future Gener. Comput. Syst..

[11]  Xiong Li,et al.  An improved and provably secure three-factor user authentication scheme for wireless sensor networks , 2018, Peer-to-Peer Netw. Appl..

[12]  Willy Susilo,et al.  Secure Message Communication Protocol Among Vehicles in Smart City , 2018, IEEE Transactions on Vehicular Technology.

[13]  Jongho Moon,et al.  Cryptanalysis of Improved and Provably Secure Three-Factor User Authentication Scheme for Wireless Sensor Networks , 2019 .

[14]  Xiong Li,et al.  Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS , 2016, Secur. Commun. Networks.

[15]  Donald Ervin Knuth,et al.  The Art of Computer Programming, Volume II: Seminumerical Algorithms , 1970 .

[16]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[17]  Roberto Di Pietro,et al.  Smart health: A context-aware health paradigm within smart cities , 2014, IEEE Communications Magazine.

[18]  Elisa Bertino,et al.  An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting , 2008, IEEE Transactions on Dependable and Secure Computing.

[19]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[20]  Athanasios V. Vasilakos,et al.  An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks , 2017, Comput. Electr. Eng..

[21]  Dongwoo Kang,et al.  Efficient and Secure Biometric-Based User Authenticated Key Agreement Scheme with Anonymity , 2018, Secur. Commun. Networks.

[22]  Pandi Vijayakumar,et al.  EAAP: Efficient Anonymous Authentication With Conditional Privacy-Preserving Scheme for Vehicular Ad Hoc Networks , 2017, IEEE Transactions on Intelligent Transportation Systems.

[23]  Baowen Xu,et al.  An Efficient Identity-Based Conditional Privacy-Preserving Authentication Scheme for Vehicular Ad Hoc Networks , 2015, IEEE Transactions on Information Forensics and Security.

[24]  Majid Alotaibi,et al.  An Enhanced Symmetric Cryptosystem and Biometric-Based Anonymous User Authentication and Session Key Establishment Scheme for WSN , 2018, IEEE Access.

[25]  Amit K. Awasthi,et al.  Security Enhancement of an Improved Remote User Authentication Scheme with Key Agreement , 2016, Wirel. Pers. Commun..

[26]  Kim-Kwang Raymond Choo,et al.  Cloud-Based Biometrics (Biometrics as a Service) for Smart Cities, Nations, and Beyond , 2018, IEEE Cloud Computing.

[27]  Xiong Li,et al.  Provably secure user authentication and key agreement scheme for wireless sensor networks , 2016, Secur. Commun. Networks.

[28]  F. Richard Yu,et al.  Security and Privacy of Smart Cities: A Survey, Research Issues and Challenges , 2019, IEEE Communications Surveys & Tutorials.

[29]  Sheetal Kalra,et al.  A lightweight biometrics based remote user authentication scheme for IoT services , 2017, J. Inf. Secur. Appl..

[30]  Xiong Li,et al.  An efficient multi-gateway-based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks , 2016, Secur. Commun. Networks.

[31]  Robert T. Chien,et al.  Cyclic decoding procedures for Bose- Chaudhuri-Hocquenghem codes , 1964, IEEE Trans. Inf. Theory.

[32]  Moti Yung,et al.  Perfectly Secure Key Distribution for Dynamic Conferences , 1998, Inf. Comput..

[33]  Michele Nappi,et al.  Biometric data on the edge for secure, smart and user tailored access to cloud services , 2019, Future Gener. Comput. Syst..

[34]  Arputharaj Kannan,et al.  Dual Authentication and Key Management Techniques for Secure Data Transmission in Vehicular Ad Hoc Networks , 2016, IEEE Transactions on Intelligent Transportation Systems.

[35]  Joel J. P. C. Rodrigues,et al.  TCALAS: Temporal Credential-Based Anonymous Lightweight Authentication Scheme for Internet of Drones Environment , 2019, IEEE Transactions on Vehicular Technology.