Abstract

Wireless sensor networks (WSNs) have played an important role in the Internet of Things (IoT), and the 5G network is being considered as a major candidate for IoT's communication network with the advent of 5G commercialization. The potential of integrating WSNs and 5G in the IoT is expected to allow IoT to penetrate deeply into our daily lives and to provide various services that are convenient, but at the same time, it also brings new security threats. From this aspect, user authentication and key agreement are essential for secure end-to-end communication. As IoT devices, including sensors, collect and process more and more personal information, both anonymous authentication and authorization are also required to protect the privacy and to prevent anyone without privileges from accessing private data. Recently, Adavoudi-Jolfaei et al. proposed an anonymous three-factor authentication and access control scheme for real-time applications in WSNs. However, we found that this scheme does not provide sensor-node anonymity and suffers from user collusion and desynchronization attacks. In this paper, we introduce a system architecture by considering the integration of WSNs and 5G for IoT. Based on a cryptanalysis of Adavoudi-Jolfaei et al.'s scheme and the system architecture, we propose an elliptic curve cryptography (ECC)-based privacy-preserving authentication, authorization, and key agreement scheme for WSNs in 5G-integrated IoT. We conduct a formal and informal security analysis in order to demonstrate that the proposed scheme withstands various security attacks and guarantees all desired security features, overcoming the drawbacks of Adavoudi-Jolfaei et al.'s scheme. Finally, a performance and comparative analysis with the related schemes indicate that the proposed scheme is both efficient and more secure.

Highlights

  • The Internet of Things (IoT) is an intelligent technology and service that connects all things including sensors, smartphones, and home appliances to communicate information between people and things based on the Internet

  • OUR PROPOSED SCHEME we propose an elliptic curve cryptography (ECC)-based anonymous authentication, authorization and key agreement scheme as an improved version of Adavoudi-Jolfaei et al.’s scheme

  • We introduced a system architecture suitable for Wireless sensor networks (WSNs) in 5G-integrated IoT

Read more

Summary

INTRODUCTION

The Internet of Things (IoT) is an intelligent technology and service that connects all things including sensors, smartphones, and home appliances to communicate information between people and things based on the Internet. Their scheme does not provide sensor node anonymity, and it is vulnerable to user collusion attacks in which malicious users collude with each other in order to access data that is inaccessible with their own privileges. AAS with IoT application servers and system administrators is responsible for registering users, issuing membership parameters including access rights based on personal credit information, deploying WSNs, and setting up identities and keys for gateways and sensor nodes. We employ ECC to address the security weaknesses found in Adavoudi-Jolfaei et al.’s scheme, ECC operations are performed by users, authentication and authorization servers, and gateways with fewer resource constraints than sensor nodes.

SYSTEM SETUP PHASE
PASSWORD AND BIOMETRIC UPDATE PHASE
ACCESS PRIVILEGE UPDATE PHASE
SECURITY ANALYSIS
AUTHENTICATION PROOF BASED ON BAN LOGIC
PERFORMANCE ANALYSIS
CONCLUSION

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.