An Anonymous Pre-Authentication and Post-Authentication Scheme Assisted by Cloud for Medical IoT Environments

Abstract

The Internet of Things (IoT) environment assisted by a cloud server is an emerging conceptual model which incorporates the benefits of both IoT and cloud. In such an integrated model, IoT gathers information from the sensors, and the cloud server significantly increases the importance of this information by exchanging and processing them. Session key agreement among the user and sensors is practiced nowadays to accelerate the authentication process in Medical IoT (MIoT). However, the use of GateWay Node (GWN) or Trusted Third Party (TTP) for the control of participant registration, session key agreement and data storage was not efficient in IoT because they suffer from increased communication and computation costs. Hence, in this paper, we have proposed a new cloud based session key agreement and data storage scheme which consists of an improved authentication mechanism for MIoT. The proposed scheme achieves anonymous pre-authentication and post-authentication. In this proposed system, with the support of the user data, the cloud server generates the pseudo-identity and this identity is used by a cloud server to anonymously authenticate the legitimacy of a requesting user. After successful login, the cloud server and the user share the session key and data communication occurs. The security analysis of our proposed scheme demonstrates that it is resistant to a variety of security attacks. Moreover, the simulated performance analysis proves that the communication and computation costs associated with our work are acceptable than the existing works.