Abstract

The age of the Internet of things poses additional challenges for the security requirements of protocol design, such as object identification and tracking, and privacy control. In many current protocols, a malicious server may cheat users by posing as a legal server, making it vital to verify the legality of both users and servers with the help of a trusted third party, such as a registration center. Li et al. proposed an authentication protocol based on dynamic identity for multi-server environments, which is still susceptible to password-guessing, eavesdropping, masquerade, and insider attacks, among others. Besides, their protocol does not provide user anonymity, which is an essential requirement for protecting users’ privacy. In this article, we present an improved authentication protocol that depends on the registration center in multi-server environments to remedy these security flaws. Unlike previous protocols, the registration center in our proposed protocol is one of the parties in the authentication phase and verifies the legality of the users and the servers, and thus can effectively prevent the server spoofing attack. Our protocol uses only nonces, the exclusive-OR operation, and a one-way hash function in its implementation. Formal analysis has been performed using Burrows–Abadi–Needham logic to show its security.

Highlights

  • Great research efforts have been made on the Internet of things (IoT) and its wide range of application scenarios, such as object identification and tracking, healthcare, privacy control, and military.[1,2,3,4]

  • End-devices like smart cards often carry a certain level of infrastructure equivalent to a tiny computer, including computation power, storage functionality, and communications, which makes mutual authentication and key agreement protocols possible.

  • Li et al. stated that their protocol could resist various kinds of security attacks; we find that their protocol is still vulnerable to many attacks, such as insider attack, smart card forgery attack, eavesdropping attack, masquerade attack, and offline password-guessing attack, which are detailed as the following


Summary

Introduction

Great research efforts have been made on the Internet of things (IoT) and its wide range of application scenarios, such as object identification and tracking, healthcare, privacy control, and military.[1,2,3,4] Along with the convenience they bring, security issues concerning personal privacy may arise, in terms of the constant and transparent leakage of private information. End-devices like smart cards often carry a certain level of infrastructure equivalent to a tiny computer, including computation power, storage functionality, and communications, which makes mutual authentication and key agreement protocols possible. They can prevent unauthorized users from gaining access to sensitive resources and prevent legitimate users from accessing resources in an unauthorized manner. We find that they are still susceptible to replay attack, impersonation attack, password-guessing attack, and so on. To remedy these flaws, enhance security, and reduce the computational complexity, we propose an improved dynamic identity (ID) based authentication protocol for multi-server architecture. This protocol achieves user anonymity, resists various kinds of attacks, and completes mutual authentication and session key agreement.
