Three party secure data transmission in IoT networks through design of a lightweight authenticated key agreement scheme

Abstract Wireless sensor networks (WSNs) can be deployed in any unattended environment. With new enhancements in internet of things (IoT) technology, authorized users are able to access reliable sensor nodes. By accessing the sensor nodes, they can obtain data and send commands to the nodes. Designing an efficient secure authentication and key agreement scheme is vital because of the resource constrained nature of nodes. During the last decade, several lightweight two-factor or three-factor authentication and key agreement protocols have been proposed to provide secure communication links between users and sensor nodes. However, after careful assessment of these works, we found that two of recently proposed ones, which have tried to improve their previous works, are still susceptible to strong replay attacks or do not provide perfect forward secrecy. Therefore, to address this concern, in this paper, we propose a secure and lightweight authentication and key agreement protocol for IoT based WSNs that is free from the security challenges of previous protocols. Formal security verification of the proposed protocol is presented using the well-known and widely-accepted Automated Validation of Internet Security Protocols and Applications tool. Comparative security and performance evaluations with other related works indicate the superiority of the proposed protocol.

[1]  Saru Kumari,et al.  Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps , 2017, Int. J. Commun. Syst..

[2]  Mahmoud Ahmadian-Attari,et al.  A new efficient authenticated multiple-key exchange protocol from bilinear pairings , 2013, Comput. Electr. Eng..

[3]  Fadi Al-Turjman,et al.  Confidential smart-sensing framework in the IoT era , 2018, The Journal of Supercomputing.

[4]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[5]  Dariush Abbasinezhad-Mood,et al.  Efficient privacy‐preserving authentication scheme for roaming consumer in global mobility networks , 2019, International Journal of Communication Systems.

[6]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[7]  Ashok Kumar Das,et al.  Anonymous Lightweight Chaotic Map-Based Authenticated Key Agreement Protocol for Industrial Internet of Things , 2020, IEEE Transactions on Dependable and Secure Computing.

[8]  Yannick Chevalier,et al.  A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols , 2004 .

[9]  B. B. Gupta,et al.  Security in Internet of Things: issues, challenges, taxonomy, and architecture , 2017, Telecommunication Systems.

[10]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[11]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[12]  Jian Shen,et al.  A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks , 2017, Future Gener. Comput. Syst..

[13]  Muhammad Khurram Khan,et al.  Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks , 2016, Comput. Networks.

[14]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[15]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[16]  Chuangui Ma,et al.  Analysis and improvement of an authenticated multiple key exchange protocol , 2011, Comput. Electr. Eng..

[17]  Ashok Kumar Das,et al.  A Secure and Efficient Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[18]  Sebastian Mödersheim,et al.  OFMC: A symbolic model checker for security protocols , 2005, International Journal of Information Security.

[19]  Ruhul Amin,et al.  Efficient authentication protocol for secure multimedia communications in IoT-enabled wireless sensor networks , 2017, Multimedia Tools and Applications.

[20]  Cheng-Chi Lee,et al.  An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks , 2013, Sensors.

[21]  Xiong Li,et al.  Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems , 2015, Journal of Medical Systems.

[22]  Daqiang Zhang,et al.  An Efficient RFID Search Protocol Based On Clouds , 2015, Mobile Networks and Applications.

[23]  Muhammad Sher,et al.  An Improved and Secure Chaotic-Map Based Multi-server Authentication Protocol Based on Lu et al. and Tsai and Lo’s Scheme , 2017, Wireless Personal Communications.

[24]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[25]  Peter Kruus,et al.  TinyPK: securing sensor networks with public key technology , 2004, SASN '04.

[26]  Ruhul Amin,et al.  Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card , 2015 .

[27]  Kostas E. Psannis,et al.  Secure integration of IoT and Cloud Computing , 2018, Future Gener. Comput. Syst..

[28]  Mohammad S. Obaidat,et al.  A provably secure and efficient two‐party password‐based explicit authenticated key exchange protocol resistance to password guessing attacks , 2015, Concurr. Comput. Pract. Exp..

[29]  Mohammad Heydari,et al.  An Efficient Password-Based Authenticated Key Exchange Protocol with Provable Security for Mobile Client–Client Networks , 2016, Wirel. Pers. Commun..

[30]  Fan Wu,et al.  Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care , 2015, Journal of Medical Systems.

[31]  Mohammad Heydari,et al.  An improved one-to-many authentication scheme based on bilinear pairings with provable security for mobile pay-TV systems , 2016, Multimedia Tools and Applications.

[32]  Haoxiang Wang,et al.  Efficient IoT-based sensor BIG Data collection-processing and analysis in smart buildings , 2017, Future Gener. Comput. Syst..

[33]  Dariush Abbasinezhad-Mood,et al.  An Anonymous ECC-Based Self-Certified Key Distribution Scheme for the Smart Grid , 2018, IEEE Transactions on Industrial Electronics.

[34]  Zuowen Tan,et al.  A privacy-preserving multi-server authenticated key-agreement scheme based on Chebyshev chaotic maps , 2016, Secur. Commun. Networks.

[35]  Chun Chen,et al.  An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks , 2010, Ad Hoc Sens. Wirel. Networks.

[36]  Ruhul Amin,et al.  Design of authentication protocol for wireless sensor network-based smart vehicular system , 2017, Veh. Commun..

[37]  Xiong Li,et al.  An efficient multi-gateway-based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks , 2016, Secur. Commun. Networks.

[38]  G. P. Biswas,et al.  A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2011, J. Syst. Softw..

[39]  Ruhul Amin,et al.  A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks , 2016, Ad Hoc Networks.

[40]  Morteza Nikooghadam,et al.  A lightweight authentication and key agreement protocol preserving user anonymity , 2017, Multimedia Tools and Applications.

[41]  Jorge Sá Silva,et al.  Robust dynamic user authentication scheme for wireless sensor networks , 2009, Q2SWinet '09.

[42]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[43]  Muhammad Sher,et al.  An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre , 2016, The Journal of Supercomputing.

[44]  M. Shamim Hossain,et al.  Cloud-assisted secure video transmission and sharing framework for smart cities , 2017, Future Gener. Comput. Syst..

[45]  Sherali Zeadally,et al.  Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks , 2017, IEEE Access.

[46]  Dharma P. Agrawal,et al.  Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security , 2016 .

[47]  Rong Fan,et al.  A secure and efficient user authentication protocol for two-tiered wireless sensor networks , 2010, 2010 Second Pacific-Asia Conference on Circuits, Communications and System.

[48]  Dariush Abbasinezhad-Mood,et al.  Efficient Anonymous Password-Authenticated Key Exchange Protocol to Read Isolated Smart Meters by Utilization of Extended Chebyshev Chaotic Maps , 2018, IEEE Transactions on Industrial Informatics.

[49]  Dariush Abbasinezhad-Mood,et al.  Efficient target tracking in directional sensor networks with selective target area’s coverage , 2018, Telecommun. Syst..

[50]  Changjun Jiang,et al.  A biometric-based user authentication for wireless sensor networks , 2010, Wuhan University Journal of Natural Sciences.

[51]  Fadi Al-Turjman,et al.  A Novel Security Model for Cooperative Virtual Networks in the IoT Era , 2018, International Journal of Parallel Programming.

[52]  Marko Hölbl,et al.  An Improved Dynamic Password-based User Authentication Scheme for Hierarchical Wireless Sensor Networks , 2013 .

[53]  Fadi Al-Turjman,et al.  Seamless Key Agreement Framework for Mobile-Sink in IoT Based Cloud-Centric Secured Public Safety Sensor Networks , 2017, IEEE Access.

[54]  Ruhul Amin,et al.  A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity , 2015, Journal of Medical Systems.

[55]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[56]  Muhammad Sher,et al.  An improved and robust biometrics-based three factor authentication scheme for multiserver environments , 2018, The Journal of Supercomputing.

[57]  Ashok Kumar Das,et al.  A dynamic password-based user authentication scheme for hierarchical wireless sensor networks , 2012, J. Netw. Comput. Appl..