An enhanced authentication scheme for Internet of Things and cloud based on elliptic curve cryptography

Abstract

SummaryAuthentication plays a fundamental role in achieving security over unreliable channels. Authentication is a technique that lets an entity verify the identity of other communicating entities. There are a plethora of authentication schemes available in recent times. A short time ago, Kumari et al. offered an authentication protocol using elliptic curve cryptography (ECC) for Internet of Things (IoT) and professed that their design defends various security attacks. We examined Kumari et al.'s scheme and detected some loopholes like (1) inefficient login phase, (2) inefficient authentication phase, (3) known session‐specific temporary information attack, (4) denial‐of‐service (DoS) attack, and (5) lack of password changing phase. To eradicate all these flaws, we present an enhanced authentication protocol utilizing ECC for deployment in the field of IoT using cloud servers. This protocol uses hypertext transfer protocol (HTTP) cookies to authenticate clients. The developed protocol provides various security features and able to counter various security attacks. The security analysis validates that the extended scheme is potent. We simulate our protocol in Automated Validation of Internet Security Protocols and Applications (AVISPA) tool that evaluates the safety of the scheme in the presence of an adversary. We compare the proposed scheme with some similar schemes in respect of computation cost, estimated time, storage cost, communication cost, and security features.