Abstract
Internet of Things has remarkable effects in human's daily life. It is important for users and sensors to securely access data collected by low-cost sensors via Internet in real-time IoT applications. There exist many authentication protocols for guaranteeing secure communication between users and sensors. However, in some protocols, the privacy of unattended sensors subjected to capture node attacks cannot be guaranteed. Moreover, the sensors subjected to physical tampering attacks can still execute normally the authentication process. Besides, an authentication protocol should be lightweight due to the restricted computing power and storage of the sensors. The idea of designing a more secure and lightweight authentication protocol engender this article. The proposed protocol can provide the physical security through physically unclonable function (PUF), require no additional phase to update challenge-response pairs (CRPs), and store a single CRP for each sensor. At the same time, the proposed protocol utilizes three factors, such as personal biometrics, smartcard and password, to strengthen the security contrasting with two factors, and manipulates some basic cryptographic operations, including bitwise-exclusive-OR (XOR) and hash function, to achieve the lightweight performance. Moreover, both formal security analysis based on Real-Or-Random (ROR) and informal security analysis demonstrate the security of the proposed protocol. Compared with the existing related protocols, the proposed protocol has the advantage in terms of security, functionality and computation costs. Finally, a NS3 simulation on measuring various network performance parameters indicates that the proposed protocol is practical in IoT environment.
Highlights
T HE Internet of Things is established by these objects that are capable of perceiving the surrounding environment and interacting with other objects via network [1]
Since the adversaries could collect additional information from users’ and senosors’ identity, it is essential for IoT authentication protocols to possess user/sensor anonymity and untraceability
Amin et al [24] indicated that Farash et al.’s protocol [23] can not resist offline password guessing, user impersonation and stolen smart card attack, and cannot offer user anonymity, and presented an improved three-factor protocol by using of password, smartcard, and biometrics
Summary
T HE Internet of Things is established by these objects that are capable of perceiving the surrounding environment and interacting with other objects via network [1]. Some challenges come from the nature of Internet that IoT are based on, where the transmitted data between users and devices can not be well protected. It is critical for the network wellfunctioning to guarantee that the devices participating in the IoT network are trusted since a single compromised node could give rise to some security matters even undermine the whole system [6] Since these sensors have limited power and are deployed in open and public places without being physically well-protecting, some adversaries can capture these devices to extract credentials from memory of captured sensors and launch sensors tempering attacks. Since the adversaries could collect additional information (e.g., location, IP address) from users’ and senosors’ identity, it is essential for IoT authentication protocols to possess user/sensor anonymity and untraceability. The proposed protocol utilizes three factors: smart cards, passwords and biometrics for authentication, and employs hash algorithm, XOR operations and physically unclonable function to achieve lightweight and physical security. By using of NS3 [18] simulation tool, the simulation result of low end-to-end delay (EED) and high packet delivery rate (PDR) demonstrates that the proposed protocol is practical and suitable for IoT environment
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
