A three-factor anonymous user authentication scheme for Internet of Things environments

Abstract

To accelerate the deployment of fifth-generation (5G) cellular networks, millions of devices are being connected to massive Internet of Things (IoT) networks. However, advances in the scale of connectivity on 5G networks may increase the attack surface of these devices, thereby increasing the number of attack opportunities. To address the potential security risks in IoT systems, one feasible security practice involves the development of secure and efficient user authentication schemes. In 2017, Dhillon and Kalra proposed a three-factor user authentication scheme for IoT. We noted that their scheme suffers from several security weaknesses. In this study, we specifically demonstrate that the scheme proposed by Dhillon and Kalra (1) is not secure against a stolen mobile device attack; (2) does not prevent a user impersonation attack; (3) does not provide a session key agreement; and (4) does not have a contingency plan (e.g., a revocation phase) for situations where a user’s private key is compromised, or a mobile device is stolen or lost. We propose an improved three-factor user authentication scheme to resolve these security issues. Furthermore, we demonstrate that the proposed scheme provides desirable attributes for IoT environments and that its computation and communication costs are suitable for extremely low-cost IoT devices.
