A Robust IoT-Based Three-Factor Authentication Scheme for Cloud Computing Resistant to Session Key Exposure

With the development of Internet of Things (IoT) technologies, Internet-enabled devices have become widely used in daily life. As a new service paradigm, cloud computing aims to solve the resource constraints of Internet-enabled devices, and it is playing an increasingly important role in resource sharing. Due to the complexity and openness of wireless networks, the authentication protocol is crucial for secure communication and user privacy protection. In this paper, we discuss the limitations of a recently introduced IoT-based authentication scheme for cloud computing. Furthermore, we present an enhanced three-factor authentication scheme using chaotic maps. The session key is established using a Diffie–Hellman key exchange based on Chebyshev chaotic maps. In addition, the session key involves a long-term secret, which ensures that our scheme is secure against all the possible session key exposure attacks. Besides, our scheme can effectively update the user password locally. A Burrows–Abadi–Needham (BAN) logic proof confirms that our scheme provides mutual authentication and session key agreement. The formal analysis under the random oracle model proves the semantic security of our scheme. The informal analysis shows that our scheme is immune to diverse attacks and has desired features such as three-factor secrecy. Finally, the performance comparisons demonstrate that our scheme provides optimal security features with acceptable computation and communication overheads.
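The abstract names two building blocks without giving the protocol: a Diffie–Hellman exchange over Chebyshev chaotic maps, and a session key that also depends on a long-term secret. The sketch below is an added illustration of those two ideas only, not the paper's scheme; the modulus `P`, seed `X`, the function names and the way the hash inputs are combined are all assumptions made for the example.

```python
import hashlib
import secrets

# Constructed demo parameters (assumptions, not taken from the paper).
P = 2**127 - 1          # prime modulus
X = 0x1234567890ABCDEF  # public seed x


def chebyshev(n: int, x: int, p: int = P) -> int:
    """Extended Chebyshev polynomial T_n(x) mod p, computed with a binary ladder."""
    a, b = 1, x % p  # (T_0, T_1)
    for bit in bin(n)[2:]:
        t2k = (2 * a * a - 1) % p   # T_{2k}   = 2*T_k^2 - 1
        t2k1 = (2 * a * b - x) % p  # T_{2k+1} = 2*T_k*T_{k+1} - x
        if bit == "0":
            a, b = t2k, t2k1
        else:
            a, b = t2k1, (2 * b * b - 1) % p  # T_{2k+2} = 2*T_{k+1}^2 - 1
    return a


def session_key(shared: int, long_term: bytes, transcript: bytes) -> bytes:
    """Hash the DH value with a long-term secret and the exchanged values."""
    h = hashlib.sha256()
    for part in (shared.to_bytes(16, "big"), long_term, transcript):
        h.update(len(part).to_bytes(2, "big") + part)  # length-prefix each field
    return h.digest()


def demo(r: int, s: int, long_term: bytes):
    """One run between a user (ephemeral r) and a server (ephemeral s)."""
    tr, ts = chebyshev(r, X), chebyshev(s, X)  # values sent over the channel
    user_shared = chebyshev(r, ts)             # T_r(T_s(x))
    server_shared = chebyshev(s, tr)           # T_s(T_r(x)), equal by the semigroup property
    transcript = tr.to_bytes(16, "big") + ts.to_bytes(16, "big")
    k_user = session_key(user_shared, long_term, transcript)
    k_server = session_key(server_shared, long_term, transcript)
    # Key derived from the same DH value but without the real long-term secret.
    k_leak = session_key(user_shared, b"\x00" * 32, transcript)
    return k_user, k_server, k_leak


if __name__ == "__main__":
    r = secrets.randbelow(P - 2) + 2
    s = secrets.randbelow(P - 2) + 2
    ku, ks, kl = demo(r, s, secrets.token_bytes(32))
    print("keys agree:", ku == ks, "| ephemeral-only derivation matches:", kl == ku)
```

Because the long-term secret is a hash input, knowing the ephemeral values `r` or `s` of one session is not enough to recompute that session's key, which is the property the abstract refers to as resistance to session key exposure.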
