Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions

The Internet of Things (IoT) acts as an umbrella for Internet-enabled devices used in various applications, such as smart home, smart city, smart grid, and smart healthcare. The emergence of immense economic potential necessitates a robust authentication mechanism that is lightweight and suitable for real-time applications. Moreover, the physical integrity of these devices cannot be assumed, as they are designed to be deployed in unattended environments with minimum human supervision. A user authentication mechanism for the IoT, in addition to guaranteeing the user anonymity and untraceability requirements, must also be resistant to physical capture of devices and related misuse. In this paper, we present a novel lightweight anonymous user authentication protocol for the IoT environment that uses a cryptographic one-way hash function, a physically unclonable function (PUF), and bitwise exclusive-OR (XOR) operations. We carry out a formal security analysis of the proposed scheme under the broadly accepted Real-Or-Random (ROR) model, a formal security verification using the automated software verification tool "Automated Validation of Internet Security Protocols and Applications (AVISPA)", and a non-mathematical (informal) security analysis. It is shown that the proposed scheme resists various well-known attacks that are crucial for securing the IoT environment. Through a detailed comparative study, we show that the proposed scheme outperforms other existing related schemes in terms of computation and communication costs, as well as security and functionality features. Finally, a practical demonstration of the proposed scheme using NS3 simulation is provided for measuring various network performance parameters.
