Abstract
The Internet of things (IoT) is a system of smart technologies and services that mutually communicate data between users and devices or between devices via the Internet. Since data are shared between a remote user and various sensing devices over a network, it is essential to design a secure, lightweight and efficient remote user authentication protocol for the IoT environment. In the context of security and network privacy, mutual authentication is necessary for securely accessing the services of the IoT environment. However, the IoT faces substantial new challenges in realizing mutual authentication due to the constraints of IoT devices. In this paper, we present a lightweight, robust and secure authentication protocol that satisfies the constraints on IoT devices. The proposed protocol is based on level 3 feature extraction, fuzzy extraction of the user's biometrics, one-way hash functions and XOR operations and includes (1) three-factor authentication (user password, biometrics and smart devices), (2) mutual authentication, (3) a session key, and (4) key freshness. Furthermore, we have used the Burrows-Abadi-Needham logic to prove the authentication of our proposed protocol. In addition, our proposed protocol does not require additional hardware or a resource-constrained cryptosystem; hence, it has the lowest computational cost on the IoT nodes (0.003 ms), the lowest total computational cost (0.071 ms), and the lowest communication cost (2784 bits) compared with other relevant works. Moreover, we have conducted an informal security analysis to prove its ability to withstand well-known malicious attacks, such as replay attacks, impersonation attacks, password change attacks, man-in-the-middle (MITM) attacks, and denial of service (DoS) attacks.
Highlights
Internet of things (IoT) is the integration of heterogeneous physical devices with embedded software, networks and information technology, with the ability to share information and provide optimal service to users without manual intervention
In this paper, based on user biometric factors, we have focused on remote user authentication, which is one of the main security issues of the IoT
The informal security analysis results demonstrate that our protocol can withstand most known malicious attacks and provides most of the required functionalities such as mutual authentication, key agreement, user anonymity and untraceability, and key freshness
Summary
IoT is the integration of heterogeneous physical devices with embedded software, networks and information technology, with the ability to share information and provide optimal service to users without manual intervention. The scenario and structure of our proposed protocol consist of three major parties: the user who requires access, the IoT nodes and the gateway node. In this case, the user can access IoT nodes and take advantage of their services. These schemes are not sufficient for ensuring security. Authentication requires another factor for enhancing security, such as the user's biometrics, which are unique, e.g., iris scans, fingerprints and facial patterns. These biometrics are difficult to reproduce; it is difficult for an attacker to steal or modify them.
VOLUME 7, 2019