Abstract
Although the Internet of Things (IoT) provides many benefits for our lives, it also raises many security threats. The main risk concerns the security of the transferred data, which comprises highly critical information whose leakage compromises our privacy. In this regard, many security protocols have been introduced in the literature, among which multi-factor authentication protocols have received considerable attention. In this paper, as a first step, the first third-party security analysis of the newly proposed scheme denoted as ESEAP (designed by Kumari et al.) is presented. The analysis shows that this protocol has a number of security flaws, including vulnerability to off-line password guessing, traceability, impersonation, insider and desynchronization attacks. As a second step, an enhanced protocol denoted as RESEAP is proposed, in which we use a physically unclonable function to improve its security. We prove the security of RESEAP informally and also formally in the real-or-random model, which is a widely accepted security model for proving the security of a cryptographic protocol. While the security analysis confirms that the RESEAP protocol has better security, its comparison with ESEAP also shows its higher efficiency.
Highlights
The Internet of Things (IoT), as a system of interrelated computing devices, allows devices to connect and communicate with each other and to transfer data over a network without the need for human-to-human or human-to-computer interaction.
The execution times on the server side for ESEAP and RESEAP are 97.4 ms and 78 ms, respectively. This shows that RESEAP is much faster than ESEAP on this platform: almost 24% on the user side, almost 20% on the server side and 22% for the whole session. It should be noted that in ESEAP each call to the symmetric encryption/decryption requires more than one call to the underlying block cipher, because the input message is much larger than the block length.
In this paper, we provided the first third-party security analysis of ESEAP, an Elliptic Curve Cryptography (ECC) based mutual authentication protocol using a smart card, which has been proposed by Kumari et al.
Summary
The Internet of Things (IoT), as a system of interrelated computing devices, allows devices to connect and communicate with each other and to transfer data over a network without the need for human-to-human or human-to-computer interaction. Qiu et al. [5] proposed a lightweight two-factor authentication and key agreement protocol with dynamic identity based on Elliptic Curve Cryptography (ECC). In that paper, they showed that the protocol proposed by Nikooghadam et al. [6] does not provide the desired security against key-compromise impersonation attacks and that it suffers from a lack of forward secrecy. Kumari et al. [17] have recently analyzed the security of the two-factor protocol proposed by Wang et al. [18] and shown that it suffers from off-line password guessing and impersonation attacks. They proposed an improved protocol denoted as ESEAP, which is an ECC-based mutual authentication protocol using a smart card and is claimed to be secure and efficient.