Abstract
The Internet of Things (IoT) acts as an umbrella for the Internet-enabled devices for various applications, such as smart home, smart city, smart grid, and smart healthcare. The emergence of the immense economic potential necessitates a robust authentication mechanism that needs to be lightweight and suitable for real-time applications. Moreover, the physical integrity of these devices cannot be assumed as these are designed to be deployed in an unattended environment with minimum human supervision. A user authentication mechanism for the IoT, in addition to guaranteeing user anonymity and un-traceability functionality requirements, must also be resistant to device physical capture and related misuses. In this paper, we present a novel lightweight anonymous user authentication protocol for the IoT environment by utilizing “cryptographic one-way hash function”, “physically unclonable function (PUF)” and “bitwise exclusive-OR (XOR)” operations. The broadly accepted Real-Or-Random (ROR) model-based formal security analysis, formal security verification using the automated software verification tool, namely “automated validation of internet security protocols and applications (AVISPA)” and also non-mathematical (informal) security analysis have been carried out on the proposed scheme. It is shown that the proposed scheme has the ability to resist various well-known attacks that are crucial for securing the IoT environment. Through a detailed comparative study, we show that the proposed scheme outperforms other existing related schemes in terms of computation and communication costs, and also security & functionality features. Finally, a practical demonstration of the proposed scheme using the NS3 simulation has been provided for measuring various network performance parameters.
Highlights
INTRODUCTIONWe are living in the age of information, and a significant portion of the information is derived from the innumerable
We are living in the age of information, and a significant portion of the information is derived from the innumerableThe associate editor coordinating the review of this manuscript and approving it for publication was Chao Shen.Internet connected smart devices and sensors that make up the Internet of Things (IoT)
In the proposed protocol, the physical security of the user’s device and IoT smart devices deployed in the hostile environment is assured
Summary
We are living in the age of information, and a significant portion of the information is derived from the innumerable. We present a novel physically secure lightweight anonymous authentication protocol for IoT using PUFs. A. We work under the assumption that the GWN s are be physically secured under locking systems and the GWN s are considered to be trusted entities in the IoT environment [8] This proposed scheme is based on the CK-adversary model [9]. In the proposed protocol, the physical security of the user’s device (smart card) and IoT smart devices deployed in the hostile environment is assured. A rigorous comparative analysis shows that the proposed protocol achieves better security along with more functionality features, and provides comparable communication & computational overheads as compared to those for the related existing schemes.
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call