Abstract
With the development of cloud computing and communication technology, users can access the internet of things (IoT) services provided in various environments, including smart home, smart factory, and smart healthcare. However, a user is insecure various types of attacks, because sensitive information is often transmitted via an open channel. Therefore, secure authentication schemes are essential to provide IoT services for legal users. In 2019, Pelaez et al. presented a lightweight IoT-based authentication scheme in cloud computing environment. However, we prove that Pelaez et al.’s scheme cannot prevent various types of attacks such as impersonation, session key disclosure, and replay attacks and cannot provide mutual authentication and anonymity. In this paper, we present a secure and lightweight three-factor authentication scheme for IoT in cloud computing environment to resolve these security problems. The proposed scheme can withstand various attacks and provide secure mutual authentication and anonymity by utilizing secret parameters and biometric. We also show that our scheme achieves secure mutual authentication using Burrows–Abadi–Needham logic analysis. Furthermore, we demonstrate that our scheme resists replay and man-in-the-middle attacks usingthe automated validation of internet security protocols and applications (AVISPA) simulation tool. Finally, we compare the performance and the security features of the proposed scheme with some existing schemes. Consequently, we provide better safety and efficiency than related schemes and the proposed scheme is suitable for practical IoT-based cloud computing environment.
Highlights
With the recent advances in wireless sensor networks and embedded technologies, internet of things (IoT) connects objects and shares various useful data with internet through resource-constrained devices to provide convenient services for users such as smart home, healthcare, vehicle to everything and smart gird
We prove that the proposed scheme provides secure mutual authentication using the Burrows–Abadi–Needham (BAN) logic [12] and perform an informal security analysis to prove that our scheme is secure against various attacks such as MITM, impersonation, replay and session key disclosure attacks
This paper shows that Pelaez et al.’s scheme does not defend various attacks such as impersonation, session key disclosure and replay attacks
Summary
With the recent advances in wireless sensor networks and embedded technologies, internet of things (IoT) connects objects and shares various useful data with internet through resource-constrained devices to provide convenient services for users such as smart home, healthcare, vehicle to everything and smart gird. The cloud computing provides five essential characteristics: on-demand self-services, ubiquitous network access, rapid elasticity, measured service and resource pooling [1,2]. The cloud computing deals with an ocean of data generated by devices and sensors and provides data managing service for users through these essential characteristics. These services are vulnerable to potential attacks by malicious adversaries because they are provided through an open channel, including sensitive data of legitimate user about location, health, payment, etc. In 2002, Chien et al proposed two factor authentication scheme to overcome this security flaw using password and smart cards. In 2019, Pelaez et al [8] demonstrated that the previous scheme is vulnerable to insider, off-line guessing and disclosure attacks and proposed enhanced IoT-based authentication scheme in cloud computing environment. We propose a secure and lightweight three-factor authentication scheme for IoT in cloud computing environment to resolve these security weaknesses, considering computational costs
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have