Advanced lightweight multi-factor remote user authentication scheme for cloud-IoT applications

With the ongoing revolution of Internet-enabled devices, Internet of Things (IoT) has emerged as the most popular networking paradigm. The enormous amount of data generated from smart devices in IoT environment is one of the biggest concerns. Cloud computing has emerged as a key technology to process the generated data. The confidential data of user from IoT devices is stored in cloud server and the remote user can access this data anytime, anywhere and at any place from the cloud server. This makes remote user authentication a critical issue. This paper proposes a lightweight remote user authentication scheme for cloud-IoT applications. The formal security analysis using BAN logic and random oracle model confirms that the scheme is resilient to known security attacks. Furthermore, the scheme is formally verified using AVISPA tool which confirms the security against multiple security attacks.

[1]  Chin-Chen Chang,et al.  Provably Secure and Efficient Three-Factor Authenticated Key Agreement Scheme with Untraceability , 2016, Int. J. Netw. Secur..

[2]  Athanasios V. Vasilakos,et al.  A survey on trust management for Internet of Things , 2014, J. Netw. Comput. Appl..

[3]  Athanasios V. Vasilakos,et al.  A Survey on Service-Oriented Network Virtualization Toward Convergence of Networking and Cloud Computing , 2012, IEEE Transactions on Network and Service Management.

[4]  Xu An Wang,et al.  Cost-effective secure E-health cloud system using identity based cryptographic techniques , 2017, Future Gener. Comput. Syst..

[5]  Ji-Jian Chin,et al.  IBI-Mobile Authentication: A Prototype to Facilitate Access Control Using Identity-Based Identification on Mobile Smart Devices , 2017, Wirel. Pers. Commun..

[6]  Dhananjay Singh,et al.  A survey of Internet-of-Things: Future vision, architecture, challenges and services , 2014, 2014 IEEE World Forum on Internet of Things (WF-IoT).

[7]  Sheetal Kalra,et al.  Secure authentication scheme for IoT and cloud servers , 2015, Pervasive Mob. Comput..

[8]  Myung-Sup Kim,et al.  Linear SVM-Based Android Malware Detection for Reliable IoT Services , 2014, J. Appl. Math..

[9]  Chenyu Wang,et al.  Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card , 2017, Secur. Commun. Networks.

[10]  Yalin Chen,et al.  Improved on an improved remote user authentication scheme with key agreement , 2016, IACR Cryptol. ePrint Arch..

[11]  Lih-Chyau Wuu,et al.  Robust smart‐card‐based remote user password authentication scheme , 2014, Int. J. Commun. Syst..

[12]  Yu-Chung Chiu,et al.  Improved remote authentication scheme with smart card , 2005, Comput. Stand. Interfaces.

[13]  Morteza Nikooghadam,et al.  A lightweight authentication and key agreement protocol preserving user anonymity , 2017, Multimedia Tools and Applications.

[14]  Geeta Sharma,et al.  Identity based secure authentication scheme based on quantum key distribution for cloud computing , 2016, Peer-to-Peer Netw. Appl..

[15]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[16]  Sheetal Kalra,et al.  Advanced multi-factor user authentication scheme for E-governance applications in smart cities , 2019 .

[17]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[18]  WuuLih-Chyau,et al.  Robust smart-card-based remote user password authenticationscheme , 2014 .

[19]  Xu An Wang,et al.  Improved group‐oriented proofs of cloud storage in IoT setting , 2018, Concurr. Comput. Pract. Exp..

[20]  Vanga Odelu,et al.  A secure effective key management scheme for dynamic access control in a large leaf class hierarchy , 2014, Inf. Sci..

[21]  Wenfen Liu,et al.  Secure and Efficient Smart Card Based Remote User Password Authentication Scheme , 2016, Int. J. Netw. Secur..

[22]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[23]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[24]  Mukesh Soni,et al.  Advanced formal authentication protocol using smart cards for network applicants , 2018, Comput. Electr. Eng..

[25]  E. Kirubakaran,et al.  Smart card based remote user authentication schemes — Survey , 2012 .

[26]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[27]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[28]  Kee-Young Yoo,et al.  Improvement of Chien et al.'s remote user authentication scheme using smart cards , 2005, Comput. Stand. Interfaces.

[29]  Hari Om,et al.  An Efficient Two-Factor Remote User Authentication and Session Key Agreement Scheme Using Rabin Cryptosystem , 2017, Arabian Journal for Science and Engineering.

[30]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..

[31]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[32]  Ya-Fen Chang,et al.  Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update , 2014, Int. J. Commun. Syst..

[33]  Jianfeng Ma,et al.  Improvement of robust smart‐card‐based password authentication scheme , 2015, Int. J. Commun. Syst..

[34]  Wei-Chi Ku,et al.  Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments , 2009, Comput. Stand. Interfaces.

[35]  Fei Wang,et al.  An Optimized Computational Model for Multi-Community-Cloud Social Collaboration , 2014, IEEE Transactions on Services Computing.

[36]  Wei-Kuan Shih,et al.  Security enhancement on an improvement on two remote user authentication schemes using smart cards , 2011, Future Gener. Comput. Syst..

[37]  ChangVictor,et al.  Cloud computing adoption framework , 2016 .

[38]  Cheng-Chi Lee,et al.  A remote user authentication scheme using hash functions , 2002, OPSR.

[39]  Xu An Wang,et al.  A new proxy re-encryption scheme for protecting critical information systems , 2015, J. Ambient Intell. Humaniz. Comput..

[40]  Yogesh Palanichamy,et al.  Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multiserver Environment , 2015, Canadian Journal of Electrical and Computer Engineering.

[41]  Xiong Li,et al.  An enhanced smart card based remote user password authentication scheme , 2013, J. Netw. Comput. Appl..

[42]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[43]  Muhammad Sher,et al.  Cryptanalysis for Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multi-server Environment , 2015, IACR Cryptol. ePrint Arch..

[44]  Kuldip Singh,et al.  An improvement of Xu et al.'s authentication scheme using smart cards , 2010, Bangalore Compute Conf..

[45]  Saru Kumari,et al.  Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems , 2016, Comput. Methods Programs Biomed..

[46]  Sourav Mukhopadhyay,et al.  A privacy preserving biometric-based three-factor remote user authenticated key agreement scheme , 2017, J. Inf. Secur. Appl..

[47]  Young-Hwa An Security improvements of dynamic ID-based remote user authentication scheme with session key agreement , 2013, 2013 15th International Conference on Advanced Communications Technology (ICACT).

[48]  MaJianfeng,et al.  Improvement of robust smart-card-based password authentication scheme , 2015 .

[49]  Hari Om,et al.  Cryptanalysis and Security Enhancement of Three-Factor Remote User Authentication Scheme for Multi-Server Environment , 2017, Int. J. Bus. Data Commun. Netw..

[50]  Muthu Ramachandran,et al.  Cloud Computing Adoption Framework – a security framework for business clouds , 2015 .

[51]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[52]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.