Abstract
With the continuous development of IoT (Internet of Things) technology, IoT has become a typical representative of the development of new generation of information technology. The IoT allows people to use our data and computing resource anytime and everywhere. In the context of the IoT, the security of the vast amount of data generated by smart devices is one of the biggest concerns. To meet the challenge, the user authentication scheme in IoT should ensure the essential security performance protection and low computing costs. A authentication protocol preserving user anonymity was proposed by Nikooghadam et al. in 2017. In this paper, we further analyze the security of Nikooghadam et al.’s protocol and propose an improved anonymous authentication protocol for IoT. We use the timestamp mechanism and rely on CDH (Computational Diffie-Hellman) problem to improve security primarily. The security of the proposed protocol is verified using BAN logic and the performance comparison and efficiency analysis are carried out. The results show that our improved protocol has higher security with little more computation cost.
Highlights
Internet of things (IoT) is the extension and expansion of the Internet
Since the first mention of IoT concept in 1999 by Ashton, IoT has become a typical representative of the development of a new generation of information and communication technologies, which has profoundly changed human production and lifestyle, such as communication through the Internet, online shopping, online games, electronic medical record systems [1]
We have shown that the proposed protocol could withstand well-known security attacks and provide the mutual authentication between the user and the server
Summary
Internet of things (IoT) is the extension and expansion of the Internet. Since the first mention of IoT concept in 1999 by Ashton, IoT has become a typical representative of the development of a new generation of information and communication technologies, which has profoundly changed human production and lifestyle, such as communication through the Internet, online shopping, online games, electronic medical record systems [1]. The remote user authentication scheme based on smart card has become a hotspot in the field of security protocols [10]. Chang and Wu [11] proposed the first authentication scheme that combines smart cards and passwords to protect security-critical services such as online banking and e-health. VOLUME 7, 2019 the security loopholes, Kumari et al proposed an improved remote user authentication scheme. Chen et al claimed that the Kumari et al scheme is vulnerable to stolen smart card attack and failed to ensure forward secrecy, user anonymity. WEAKNESS 2: PRIVILEGED INSIDER ATTACK AND OFFLINE PASSWORD GUESSING ATTACK Nikooghadam et al.’s protocol is not adequate to secure against insider threat: Step: Insider A knows the Ui s identity IDi from the received registration request {IDi, MPWi} where MPWi = h(IDi||r||PWi). A compiles Step to 4, until the correct PWi is not obtained
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
