Abstract
Internet of Things (IoT) environments such as smart homes, smart factories, and smart buildings have become a part of our lives. The services of IoT environments are provided through wireless networks to legal users. However, the wireless network is an open channel, which is insecure to attacks from adversaries such as replay attacks, impersonation attacks, and invasions of privacy. To provide secure IoT services to users, mutual authentication protocols have attracted much attention as consequential security issues, and numerous protocols have been studied. In 2017, Bae et al. presented a smartcard-based two-factor authentication protocol for multi-gateway IoT environments. However, we point out that Bae et al.’s protocol is vulnerable to user impersonation attacks, gateway spoofing attacks, and session key disclosure, and cannot provide a mutual authentication. In addition, we propose a three-factor mutual authentication protocol for multi-gateway IoT environments to resolve these security weaknesses. Then, we use Burrows–Abadi–Needham (BAN) logic to prove that the proposed protocol achieves secure mutual authentication, and we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to analyze a formal security verification. In conclusion, our proposed protocol is secure and applicable in multi-gateway IoT environments.
Highlights
Internet of Things (IoT) provides numerous types of services through the internet to exchange data among sensors, embedded systems, and mobile devices
Because the summary part of On-the-Fly Model-Checker (OFMC) and Constraint-Logic-based Attack Searcher (CL-AtSe) indicates that the protocol is SAFE, our proposed protocol is secure against replay and man-in-the-middle attacks
IoT is becoming a part of our life and helps people to communicate data and comfortably obtain mobile services
Summary
Internet of Things (IoT) provides numerous types of services through the internet to exchange data among sensors, embedded systems, and mobile devices. A typical IoT architecture consists of heterogeneous micro devices and collects various types of information in real time This is not efficient for practical IoT systems because the communication and computation cost can be increased when the size of IoT networks and the distance between participants are expanded [1,2]. In 2017, Bae et al [15] proposed a smartcard-based secure authentication protocol in multi-gateway. We propose a three-factor authentication protocol that is based on the biometric information of the user, for IoT environments. We perform the AVISPA simulation as a formal security verification and compare the computation cost and security properties with related protocols in Sections 8 and 9.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have