Abstract
The Internet of Things (IoT) is among the most promising technologies of the future, and its development has garnered attention worldwide. However, the rise of the IoT has been accompanied by a proportionate increase in security concerns regarding communication between IoT entities. Recently, Alzahrani et al. proposed an identity-based authentication and key agreement protocol for an IoT environment, wherein a physically unclonable function was employed. They claimed that their protocol can resist various types of attacks; however, after thorough analysis, we determined it to be ineffective against privileged internal attacks, physical IoT device capture attacks, stolen-verifier attacks, and known temporary information exposure attacks. To resolve these security weaknesses, we propose a new authentication and key agreement protocol. In addition, we demonstrate that the proposed protocol is provably secure in real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic, resisting known attacks while incurring low communication and computation costs.
Highlights
Related WorkIn 2015, Sun et al [14] proposed an AKA protocol using hash functions
Introduction eInternet of ings (IoT) [1–3] has become a popular topic since its conception at the end of the 20th century. e technology has developed from the simple application of a single sensor to a specific scene to the vast IoT that is currently a ubiquitous part of our lives [4]. e IoT has found application in many scenarios, such as education [5], smart homes [6, 7], healthcare [8, 9], and VANETs [10, 11]
In terms of medical treatment, doctors could use intelligent detection equipment to monitor patients’ conditions in real time such that patients feel more at ease during treatment. erefore, IoT has become ubiquitous in our daily lives, with people becoming increasingly dependent on IoT devices
Summary
In 2015, Sun et al [14] proposed an AKA protocol using hash functions. This protocol [14] did not provide secure identity verification. In 2018, Gope and Sikdar [15] proposed a lightweight privacy-preserving two-party AKA protocol, but this protocol is not vulnerable to desynchronization attacks and does not provide perfect forward security. Various AKA protocols that were designed to improve the level of security [16–18] are based on elliptic curve cryptography (ECC). Kalra and Sood [19] proposed an ECC-based AKA protocol for the IoT. Ey claimed that this protocol provided perfect forward security. In an attempt to address the security loopholes in the protocol of Kalra et al, Chang et al improved the protocol such that it offered a higher level of security.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have