Abstract
The Internet of Things (IoT) is a huge network formed by connecting various information sensing devices through the Internet. Although IoT has been popularized in many fields, connected devices can be used only when network security is guaranteed. Recently, Rana et al. proposed a secure and lightweight authentication protocol for the next-generation IoT infrastructure. They claim that their protocol can resist major security attacks. However, in this study, we prove that their protocol is still vulnerable to offline password guessing attacks and privilege internal attacks. In order to solve these shortcomings, we propose an improved protocol, which is proved to be secure by formal and informal analysis. In addition, after comparing the time and memory consumption with other protocols, we find that our protocol has more advantages.
Highlights
In recent years, the Internet of ings (IoT) [1,2,3,4] has become popular in our everyday life
IoT is applied to medical healthcare, which is closely related to our lives. rough the use of IoT, medical healthcare environments have taken on a new look
The cloud system based on IoT can help the national government manage some resources to a great extent. e management data through the cloud system greatly reduces human resources and greatly improves the utilization rate of resources. ese advantages are mainly based on the principle of the cloud-based Internet of ings
Summary
The Internet of ings (IoT) [1,2,3,4] has become popular in our everyday life. For an IoT network to be secure, all the entities (servers, end users, and devices) must mutually authenticate their identities. Kaul and Awasthi [18] discovered that Kumari et al.’s protocol [16] is still vulnerable to some attacks In their scheme, attackers can capture some security parameters transmitted on a public channel and calculate the session key. (3) en, the server stores the parameters βc, cc, χc, DI Dc, h(·) in the smart card memory and sends them to the user Uc through a secure channel. (2) en, privileged insiders can obtain the information IDC and RPWc of legitimate users during registration (3) A can calculate the following parameters by using the information βc obtained in the smart card and the information IDC and RPWc obtained during user registration: αc βc⊕h IDc⊕RPWc,. (4) the attacker can calculate the session key SK according to the above parameters:
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
