Abstract
The Internet of Things (IoT) is being applied to various environments such as telecare systems, smart homes, and intelligent transportation systems. The information generated from IoT devices is stored at remote servers, and external users authenticate to the server for requesting access to the stored data. In IoT environments, the authentication process is required to be conducted efficiently, and should be secure against various attacks and ensure user anonymity and untraceability to ensure sustainability of the network. However, many existing protocols proposed in IoT environments do not meet these requirements. Recently, Rajaram et al. proposed a paring-based user authentication scheme. We found that the Rajaram et al. scheme is vulnerable to various attacks such as offline password guessing, impersonation, privileged insider, and known session-specific temporary information attacks. Additionally, as their scheme uses bilinear pairing, it requires high computation and communication costs. In this study, we propose a novel authentication scheme that resolves these security problems. The proposed scheme uses only hash and exclusive-or operations to be applicable in IoT environments. We analyze the proposed protocol using informal analysis and formal analysis methods such as the BAN logic, real-or-random (ROR) model, and the AVISPA simulation, and we show that the proposed protocol has better security and performance compared with existing authentication protocols. Consequently, the proposed protocol is sustainable and suitable for real IoT environments.
Highlights
The Internet of Things (IoT) has become an essential technology in business and industry that is being applied to various environments [1,2,3,4,5,6,7,8] including telecare systems, smart grids, intelligent transportation systems, and global roaming systems to make human lives more prosperous
Communications in IoT environments are performed on wireless channels, which are prone to attacks by adversaries
We prove correctness of the proposed protocol using the BAN logic, and show that the proposed protocol is secure against replay and MiTM attacks using automated validation of internet security protocols and application (AVISPA) simulation tool
Summary
The Internet of Things (IoT) has become an essential technology in business and industry that is being applied to various environments [1,2,3,4,5,6,7,8] including telecare systems, smart grids, intelligent transportation systems, and global roaming systems to make human lives more prosperous. Recently proposed authentication schemes in IoT environments have several security vulnerabilities, and require high amounts of computation using elliptic curve cryptosystem (ECC) [13] scalar multiplication and bilinear paring operations [14]. These shortcomings can cause problems with the sustainability of the network. We analyze that their scheme has several security vulnerabilities to be applied in wireless networks Their scheme cannot guarantee user anonymity and requires a high amount of computational cost because it uses bilinear pairing. We propose an improved authentication protocol that can resolve these issues
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have