Abstract

The on demand availability of resources in Cyber physical system (CPS) has emerged as a viable service providing platform to improve the resource usability and reducing the infrastructure costs. Nevertheless, the development recompenses can only be realized after avoiding security and privacy issues. A secure and reliable CPS can offer improved efficiency, usability and reliability along with autonomy. To secure such systems, in 2018 Challa et al. (2018) proposed a security system to extend an authenticated key agreement between a user and a cloud server via trusted authority; as an application, they also customized their system to work with autonomous smart meter and cloud server. Challa et al. then claimed the security of their proposed scheme through formal, informal and automated validations. However, this paper unveils the weaknesses of their scheme and shows that their scheme cannot facilitate in forming a session key between the user/smart meter and the cloud server. Precisely, in the presence of more than one registered users/smart meters, the latter in their scheme may never receive a response message because of a critical design error. Moreover, their scheme lacks the untraceable anonymity and the lack of request verification on cloud server side may also lead to replay and/or denial of services attack. The article then introduces an improved and secure authentication system free of correctness issues, to facilitate a key agreement between user and cloud server via trusted authority. As an application, the proposed system also works for smart meter and cloud server to reach a key agreement. Based on the hardness assumption of Elliptic Curve Decisional Diffi-Hellman Problem (ECDDHP), the formal Random oracle model proves the security of the proposed scheme. Moreover, the robustness of the scheme is explained through informal analysis. The proposed system while providing all known security features has slightly increased the computation and communication costs as compared with the scheme of Challa et al. The proposed scheme completes a cycle of authentication by exchanging 2080 bits in just 13.4066 ms.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.