Abstract
Due to the myriad applications of the Internet of Things (IoT) in various sectors like healthcare, military, industry, safety, etc., there is also a need to secure these systems efficiently. The devices in such networks need to provide services to users in a secure manner. User authentication is a mechanism through which we can provide secure communication between IoT devices. Recently Banerjee et al. outlined a lightweight anonymous user authenticated session key exchange scheme for Internet of Things deployment, which uses three-factor authentication of a user such as smart card, password and biometric. In this paper, we cryptanalyze their scheme and find that it is not secure against smart card loss attack and stolen verifier attack. Then we have proposed an improved scheme to overcome the weaknesses of their scheme. We present the formal security analysis of our scheme using the random oracle model and informal security analysis to show that our scheme is secure against many known attacks. Its formal security verification is carried out using ProVerif tool. Its performance analysis is carried out with the related schemes which shows that our scheme is more secure than other schemes. Also, our scheme does not contain any storage table at the gateway side for authentication.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Journal of Ambient Intelligence and Humanized Computing
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
