Secure and Efficient Authentication Scheme in IoT Environments

Optimization of resource consumption and decreasing the response time of authentication requests is an immense urgent requirement for supporting the scalability of resources in IoT environments. The existing research attempts to design lightweight authentication protocols to address these issues. However, the schemes proposed in the literature are lacking in the creation of a lightweight (i.e., low computing, communication, and storage cost) and secure architecture. IoT devices in existing approaches consume high electricity and computing power, despite the fact that IoT devices have limited power and computing capabilities. Furthermore, the existing approaches lead to an increase in the burden on storage memory and also create heavy traffic on a communication channel, increasing the response time of device authentication requests. To overcome these limitations, we propose a novel lightweight and secure architecture that uses crypto-modules, which optimize the usage of one-way hash functions, elliptic-curve cryptography, and an exclusive-or operation. We demonstrate the proposed scheme’s security strength using informal security analysis and verified it by considering the widely used automated validation of internet security protocol application (AVISPA) and the ProVerif tool. The result shows that the proposed scheme is effective against active and passive security attacks and satisfies secure design. Moreover, we calculate the proposed scheme’s working cost by implementing it using a widely accepted standard pairing-based cryptography (PBC) library on embedded devices. The implementation proves that the proposed scheme is lightweight and reduces computation time by 0.933 ms, communication cost by 1408 bits, and storage cost by 384 bits, and removes the existing gaps.

[1]  Sheetal Kalra,et al.  Multi-factor user authentication scheme for IoT-based healthcare services , 2018, Journal of Reliable Intelligent Environments.

[2]  Longfei Wu,et al.  A Survey on Security and Privacy Issues in Internet-of-Things , 2017, IEEE Internet of Things Journal.

[3]  Mukesh Soni,et al.  Advanced formal authentication protocol using smart cards for network applicants , 2018, Comput. Electr. Eng..

[4]  Elisa Bertino,et al.  An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting , 2008, IEEE Transactions on Dependable and Secure Computing.

[5]  YoungHo Park,et al.  A Secure Lightweight Three-Factor Authentication Scheme for IoT in Cloud Computing Environment , 2019, Sensors.

[6]  Kim-Kwang Raymond Choo,et al.  A lightweight machine learning-based authentication framework for smart IoT devices , 2019, Inf. Sci..

[7]  Lingyun Jiang,et al.  An improved authentication scheme for Internet of things , 2020 .

[8]  Lu Zhou,et al.  Lightweight IoT-based authentication scheme in cloud computing circumstance , 2019, Future Gener. Comput. Syst..

[9]  Xinyu Yang,et al.  A Survey on the Edge Computing for the Internet of Things , 2018, IEEE Access.

[10]  Sheetal Kalra,et al.  A secure multi-factor ECC based authentication scheme for Cloud-IoT based healthcare services , 2019, J. Ambient Intell. Smart Environ..

[11]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[12]  Athanasios V. Vasilakos,et al.  LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment , 2020, J. Netw. Comput. Appl..

[13]  Morteza Nikooghadam,et al.  A lightweight authentication and key agreement protocol preserving user anonymity , 2017, Multimedia Tools and Applications.

[14]  Victor I. Chang,et al.  A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment , 2018, Future Gener. Comput. Syst..

[15]  Yuwen Chen,et al.  A Bilinear Map Pairing Based Authentication Scheme for Smart Grid Communications: PAuth , 2019, IEEE Access.

[16]  Samiran Chattopadhyay,et al.  Chaotic Map-Based Anonymous User Authentication Scheme With User Biometrics and Fuzzy Extractor for Crowdsourcing Internet of Things , 2018, IEEE Internet of Things Journal.

[17]  Chien-Ming Chen,et al.  A secure authentication scheme for Internet of Things , 2017, Pervasive Mob. Comput..

[18]  Young-Gab Kim,et al.  An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role , 2019, Sensors.

[19]  Mohammad S. Obaidat,et al.  A robust ElGamal‐based password‐authentication protocol using smart card for client‐server communication , 2017, Int. J. Commun. Syst..

[20]  Zhi-Yuan Su,et al.  An Authentication Information Exchange Scheme in WSN for IoT Applications , 2020, IEEE Access.

[21]  Guoai Xu,et al.  A Robust IoT-Based Three-Factor Authentication Scheme for Cloud Computing Resistant to Session Key Exposure , 2020, Wirel. Commun. Mob. Comput..

[22]  Elaine B. Barker Recommendation for Key Management - Part 1 General , 2014 .

[23]  Ping Wang,et al.  Revisiting Anonymous Two-Factor Authentication Schemes for IoT-Enabled Devices in Cloud Computing Environments , 2019, Secur. Commun. Networks.

[24]  Sudipta Chattopadhyay,et al.  A secure mutual authentication protocol for IoT environment , 2020, Journal of Reliable Intelligent Environments.

[25]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[26]  Athanasios V. Vasilakos,et al.  Design and analysis of authenticated key agreement scheme in cloud-assisted cyber-physical systems , 2020, Future Gener. Comput. Syst..

[27]  Ruijie Zhang,et al.  A Provably Secure Anonymous Two-Factor Authenticated Key Exchange Protocol for Cloud Computing , 2018, Fundam. Informaticae.

[28]  Jianfeng Chu,et al.  A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment , 2020, Symmetry.

[29]  Jung-Wen Lo,et al.  A Lightweight Authentication and Key Agreement Scheme for Telecare Medicine Information System , 2020 .

[30]  Bin Wang,et al.  A Smart Card Based Efficient and Secured Multi-Server Authentication Scheme , 2012, Wireless Personal Communications.

[31]  Xiong Li,et al.  A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers , 2018, 2018 International Conference on Advances in Computing, Communication Control and Networking (ICACCCN).

[32]  Mou Dasgupta,et al.  An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems , 2019, International Journal of Information Security.

[33]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..