Lightweight Mutual Authentication Protocol Research Articles

Efficient Authentication Protocol for Continuous Monitoring in Medical Sensor Networks

Currently, continuous monitoring on patients with the help of small devices (or sensors), is easy for doctors/nurses to check patients. Due to privacy issues, data collected from devices should be protected. Thus, a lightweight mutual authentication and key agreement protocol is required among doctors/nurses, trusted servers, sensors and patients. In this paper, we provide a secure protocol which could support continuous monitoring on patients. Firstly, user's biometrics will be used to verify users by means of continuous monitoring of physiological data (e.g., ECG signals) in which verification of the patient identity. This could prevent device theft attacks. In addition, dynamic identity is taken to provide user anonymity and mitigate against user traceability. Later, we provide informal and formal security analysis to prove that our protocol can establish a session key between the user and sensor after successfully mutually authentication. Performance analysis proved our scheme to be competitive in comparison to existing schemes relative to the added security benefits it provides.

ECC-based lightweight mutual authentication protocol for fog enabled IoT system using three-way authentication procedure

ECC-based lightweight mutual authentication protocol for fog enabled IoT system using three-way authentication procedure

ECC-based lightweight mutual authentication protocol for fog enabled IoT system using three-way authentication procedure

Internet of things (IoT) devices may be easily compromised and incapable of defending and securing themselves due to resource constrained nature. Hence, the integration of devices with resource ric...

A lightweight secure CoAP for IoT-cloud paradigm using Elliptic-curve cryptography

<span>Cloud Computing and the Internet of Things (IoT), two different technologies, are already part of our lives. Their impressive adoption increasing more and more, which makes them the future of the future internet. The tsunami of interconnectivity between objects and data collection is increasingly based on Cloud Computing, where data analysis and intelligence really reside. A new paradigm where the Cloud and the IoT are merged will create a new air in the world of technology, which can offer many services and applications useful to humanity. However, despite the great benefits that can bring this technology in term of new services, elasticity and flexibility, the security aspect still remains a serious constraint which hampers the expansion of this technology. This paper proposes a lightweight Mutual authentication protocol based on Constrained Application Protocol (CoAP); that is suitable for IoT devices than HTTP and using elliptic curve cryptography to secure data transmission between the Cloud and devices. We used the AVISPA tool to verify our proposed scheme.</span>

Cryptanalysis and improvement of mutual authentication protocol for real-time data access in industrial wireless sensor networks

Wireless Sensor Networks (WSNs) have a very large number of applications in different domains of the industry. One of those applications is the industrial use of WSN. Industrial Wireless Sensor Networks (IWSNs) are generally used in places which are isolated from human involvement. Thus their security and privacy are a major concern. Recently, Gope et al. have discussed a lightweight mutual user authentication protocol for IWSN. In this paper, we perform the security analysis of their scheme and find that their scheme is vulnerable to the following attacks: user device loss attack, stolen verifier attack, and denial of service attack. We also propose an improved scheme that overcomes these vulnerabilities. The proposed scheme uses the Physically Unclonable Function (PUF), Exclusive OR (XOR), and one-way cryptographic hash function operations, which are all lightweight cryptographic functions. The analysis of formal security in our scheme uses random oracle model to prove the safety of the user identity, password, and session key. Through the informal security, we show that our scheme resists many known attacks. The formal verification of security is done using ProVerif tool. In the performance analysis, we present that our scheme provides better security features than the other related schemes.

MAKE-IT-A Lightweight Mutual Authentication and Key Exchange Protocol for Industrial Internet of Things.

Continuous development of the Industrial Internet of Things (IIoT) has opened up enormous opportunities for the engineers to enhance the efficiency of the machines. Despite the development, many industry administrators still fear to use Internet for operating their machines due to untrusted nature of the communication channel. The utilization of internet for managing industrial operations can be widespread adopted if the authentication of the entities are performed and trust is ensured. The traditional schemes with their inherent security issues and other complexities, cannot be directly deployed to resource constrained network devices. Therefore, we have proposed a strong mutual authentication and secret key exchange protocol to address the vulnerabilities of the existing schemes. We have used various cryptography operations such as hashing, ciphering, and so forth, for providing secure mutual authentication and secret key exchange between different entities to restrict unauthorized access. Performance and security analysis clearly demonstrates that the proposed work is energy efficient (computation and communication inexpensive) and more robust against the attacks in comparison to the traditional schemes.

ASSURE: A Hardware-Based Security Protocol for Resource-Constrained IoT Systems

The Internet of Things technology is expected to generate tremendous economic benefits; this promise is undermined by major security threats. This is mainly due to the ubiquitous nature of this technology, which makes it easy for potential adversities to have access to IoT devices and carry well-established attacks. The development of defence mechanisms, in this case, is a challenging task; this is due to the fact that most IoT devices have limited computing and energy resources, which makes it hard to implement classic cryptographic algorithms. This paper addresses this challenge by proposing a lightweight mutual authentication and key agreement protocol named ASSURE based on Rivest Cipher (RC5) and physically unclonable functions (PUFs). To understand the effectiveness of this protocol, a rigorous security analysis under various cyber-attack scenarios is performed. In order to evaluate the overheads of the proposed solution, a wireless sensor network using typical IoT devices called Zolertia Zoul re-mote is constructed. The functionality of the proposed scheme is verified using a server-client configuration. Then, energy consumption and memory utilization are estimated and compared with the existing solutions, namely, the DTLS (datagram transport layer security) handshake protocol in pre-shared secret (key) mode and UDP (user datagram protocol). Experimental analysis results indicate that the proposed protocol can save up to 39.5% energy and uses 14% less memory compared with the DTLS handshake protocol.

Lightweight Mutual Authentication Protocol for V2G Using Physical Unclonable Function

Electric vehicles (EVs) have been slowly replacing conventional fuel based vehicles since the last decade. EVs are not only environment-friendly but when used in conjunction with a smart grid, also open up new possibilities and a Vehicle-Smart Grid ecosystem, commonly called V2G can be achieved. This would not only encourage people to switch to environment-friendly EVs or Plug-in Hybrid Electric Vehicles (PHEVs), but also positively aid in load management on the power grid, and present new economic benefits to all the entities involved in such an ecosystem. Nonetheless, privacy and security remain a serious concern of smart grids. The devices used in V2G are tiny, inexpensive, and resource constrained, which renders them susceptible to multiple attacks. Any protocol designed for V2G systems must be secure, lightweight, and must protect the privacy of the vehicle owner. Since EVs and charging stations are generally not guarded by people, physical security is also a must. To tackle these issues, we propose Physical Unclonable Functions (PUF) based Secure User Key-Exchange Authentication (SUKA) protocol for V2G systems. The proposed protocol uses PUFs to achieve a two-step mutual authentication between an EV and the Grid Server. It is lightweight, secure, and privacy preserving. Simulations show that the proposed protocol performs better and provides more security features than state-of-the-art V2G authentication protocols. The security of the proposed protocol is shown using a formal security model and analysis.

A Lightweight Mutual Authentication Protocol for V2V Communication in Internet of Vehicles

Recently, the concept of Internet of Vehicles (IoVs) conquered the automotive industry, academia, research fields, vehicle manufacturers, etc., where vehicles are ‘intelligent ones’ capable of providing a wide variety of applications, such as traveller/driver safety, infotainment, traffic efficiency, reduced congestion, less pollution, etc. Ensuring proper authentication and secure communication are the major challenges of an IoV scenario. However, only limited works are available for authentication and communication, among them the ‘lightweight property’ is missing. Hence, in this paper, we design a lightweight mutual authentication protocol in an IoV scenario using cryptographic operations. The proposed protocol also enables a device and a server to establish a secret key, which can be used for secure communication, while minimizing the computational cost associated with the process. The protocol is implemented on two types of communication models, such as two Raspberry Pi’s connected via an intermediate desktop computer acting as the Trusted Authority (TA) and two Raspberry Pi’s connected via the cloud (here, Vehicle Server). The performance analysis results based on computation and communication cost show that the proposed protocol performs better than existing systems.

An Efficient Decentralized Key Management Mechanism for VANET With Blockchain

The vehicular ad hoc network (VANET) has been considered as one of the most prominent technologies for improving the efficiency and safety of modern transportation systems. However, VANET will present a unique range of challenges and opportunities for security. In particular, key management, as the footstone to build a practical security framework in VANET, becomes a research hotspot. In this paper, we investigate key management based on blockchain for VANET. We first propose an efficient decentralized key management mechanism for VANET with blockchain (DB-KMM) to automatically realize the registration, update and revocation of user's public key. At the same time, we present a lightweight mutual authentication and key agreement protocol based on the bivariate polynomial. Then, we analyze the security of DB-KMM in the universally composable framework and show that the mechanism can prevent the typical attacks including internal attacks, DoS attacks, public key tampering attacks and collusion attacks. Finally, we analyze the performance of the proposed scheme through experiments and simulation. Experiment results show that DB-KMM has better performance than the existing schemes in terms of communication, storage, computation overhead and latency.

PARTH: A two-stage lightweight mutual authentication protocol for UAV surveillance networks

UAVs are being widely deployed in security and surveillance applications around the world. Due to deployment in remote environments and also due to limited resources on these devices, they are susceptible to device capture and physical tampering attacks. This heightens the risk of sensitive data stored in the UAVs to be captured by adversaries. To address this issue, a two-stage lightweight mutual authentication protocol is presented in this paper, well suited to SDN-backed multi UAV networks deployed in surveillance areas. Formal security proof of the protocol is presented to highlight its security features. We also compare our protocol with other state-of-the-art works in terms of computation latency and resilience against known security attacks.

Blockchain-based Lightweight Mutual Authentication Protocol for IoT Systems

Blockchain-based Lightweight Mutual Authentication Protocol for IoT Systems

Energy Efficient Lightweight Mutual Authentication Protocol (REAP) for MBAN Based on Genus-2 Hyper-Elliptic Curve

In the modern era, medical body area network (MBAN) emerges with the development of information and communication technology to improve the quality of healthcare services. As MBAN contains patient’s sensitive information and usually be transmitted via wireless channel, it is vulnerable to security threats and privacy attacks. To preserve privacy, it is important to provide authentication to prevent unauthorized access by intruders. Since MBAN consists of resource constraint devices to monitor physiological conditions, light-weight authentication protocol are in demand to reduce computational time and communication cost. Hence the paper proposes an eneRgy efficient, lightweight mutual authentication protocol for MBAN based on genus 2 hyper-elliptic curve cryptosystem, since it provides high security with smaller key size than Rivest–Shamir–Adleman and elliptic curve cryptosystem. The proposed authentication protocol is validated using the widely accepted AVISPA tool for its secure. In addition, BAN logic is used to analyse the formal security features and resistance to possible attacks are discussed informally.

SecLAP: Secure and lightweight RFID authentication protocol for Medical IoT

The safety of medical data and equipment plays a vital role in today’s world of Medical Internet of Things (MIoT). These IoT devices have many constraints (e.g., memory size, processing capacity, and power consumption) that make it challenging to use cost-effective and energy-efficient security solutions. Recently, researchers have proposed a few Radio-Frequency Identification (RFID) based security solutions for MIoT. The use of RFID technology in securing IoT systems is rapidly increasing because it provides secure and lightweight safety mechanisms for these systems. More recently, authors have proposed a lightweight RFID mutual authentication (LRMI) protocol. The authors argue that LRMI meets the necessary security requirements for RFID systems, and the same applies to MIoT applications as well. In this paper, our contribution has two-folds, firstly we analyze the LRMI protocol’s security to demonstrate that it is vulnerable to various attacks such as secret disclosure, reader impersonation, and tag traceability. Also, it is not able to preserve the anonymity of the tag and the reader. Secondly, we propose a new secure and lightweight mutual RFID authentication (SecLAP) protocol, which provides secure communication and preserves privacy in MIoT systems. Our security analysis shows that the SecLAP protocol is robust against de-synchronization, replay, reader/tag impersonation, and traceability attacks, and it ensures forward and backward data communication security. We use Burrows–Abadi–Needham (BAN) logic to validate the security features of SecLAP. Moreover, we compare SecLAP with the state-of-the-art and validate its performance through a Field Programmable Gate Array (FPGA) implementation, which shows that it is lightweight, consumes fewer resources on tags concerning computation functions, and requires less number of flows.

Secure mutual authentication and automated access control for IoT smart home using cumulative Keyed-hash chain

IoT platforms face huge challenge in deploying robust authentication mechanisms due to the fact that edge devices and resource-constrained devices may not have enough compute and storage capability to deploy and run existing mechanisms, which involve in general complex computations. In this paper, we propose a secure lightweight mutual authentication and key exchange protocol for IoT smart home environment based on temporary identity and cumulative Keyed-hash chain. Nodes can anonymously authenticate and establish session with the controller node using dynamic identities and symmetric keys in an unlinkable manner. Moreover, the enforcement of security policy between nodes is ensured by setting up a virtual domain segregation and restricting nodes capabilities of sending and receiving instructions and commands to or from other nodes. Cumulative Keyed-hash chain mechanism is introduced as a way to ensure the identity of the sender (through challenge-response). In addition, we capitalize on fog computing concept to improve identity assurance. Finally, we formally evaluate and prove the security of our protocol by using the Burrows-Abadi-Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) toolkit.

Authentication Protocol Design and Low-Cost Key Encryption Function Implementation for Wireless Sensor Networks

Wireless sensor networks (WSNs) have been widely used, most notably in real-time traffic monitoring and military sensing and tracking. However, WSN applications could suffer from threats and endanger the applications if the suitable security issues are not taken into consideration. As a result, user authentication is an important concern to protect data access from unauthorized users. This paper presents a lightweight mutual authentication protocol for WSN applications. Instead of traditionally using a hash function for data protection, one of the interesting aspects of this protocol is that, for the purpose of data protection but with a low computational cost, the proposed key encryption function only requires simple exclusive- or ( xor ) arithmetic operations. Moreover, the corresponding hardware architecture was implemented by using an Altera DE2 board, including an Altera Cyclone II field-programmable gate array (FPGA). Finally, the output waveforms from the FPGA were displayed on the 16702A logic analysis system for real-time verification.

Lightweight Mutual Authentication for IoT and Its Applications

The Internet of Things (IoT) provides transparent and seamless incorporation of heterogeneous and different end systems. It has been widely used in many applications including smart cities such as public water system, power grid, water management, and vehicle traffic control system. In these smart city applications, a large number of IoT devices are deployed that can sense, communicate, compute, and potentially actuate. The uninterrupted and accurate functioning of these devices are critical to smart city applications as crucial decisions will be made based on the data received. One of the challenging tasks is to assure the authenticity of the devices so that we can rely on the decision making process with a very high confidence. One of the characteristics of IoT devices deployed in such applications is that they have limited battery power. A challenge is to design a secure mutual authentication protocol which is affordable to resource constrained devices. In this paper, we propose a lightweight mutual authentication protocol based on a novel public key encryption scheme for smart city applications. The proposed protocol takes a balance between the efficiency and communication cost without sacrificing the security. We evaluate the performance of our protocol in software and hardware environments. On the same security level, our protocol performance is significantly better than existing RSA and ECC based protocols. We also provide security analysis of the proposed encryption scheme and the mutual authentication protocol.

Lightweight non-distance-bounding means to address RFID relay attacks

A relay attack is accomplished by simply relaying messages between a prover (e.g., an RFID tag) and a verifier (e.g., an RFID reader) with the goal of convincing the verifier of its close physical proximity to the prover. In almost all relay attack scenarios, the verifier essentially communicates with a prover that is outside the verifier's read-range. Relay attacks are notorious since they occur without the knowledge of the reader and/or tag, and has the potential to cause damage to honest parties (here, RFID reader and/or tag). Almost all means to address relay attacks in RFID systems to date are based on the proximity check idea that involves the measurement of message round trip times between tag and reader. With the speed of light at play, such measurements need not necessarily be accurate and could result in the false assumption of relay attack absence. Our review of published literature on approaches that use non-distance-based means to address relay attacks revealed ambient conditions' potential. We critically evaluate ambient conditions and develop a lightweight mutual authentication protocol that is based on magnetometer readings to address relay attacks.

Cost and Lightweight Modeling Analysis of RFID Authentication Protocols in Resource Constraint Internet of Things

Internet of Things (IoT) is a pervasive environment to interconnect the things like: smart objects, devices etc. in a structure like internet. Things can be interconnected in IoT if these are uniquely addressable and identifiable. Radio Frequency Identification (RFID) is one the important radio frequency based addressing scheme in IoT. Major security challenge in resource constraint RFID networks is how to achieve traditional CIA security i.e. Confidentiality, Integrity and Authentication. Computational and communication costs for Lightweight Mutual Authentication Protocol (LMAP), RFID mutual Authentication Protocol with Permutation (RAPP) and kazahaya authentication protocols are analyzed. These authentication protocols are modeled to analyze the delays using lightweight modeling language. Delay analysis is performed using alloy model over LMAP, RAPP and kazahaya authentication protocols where one datacenter (DC) is connected to different number of readers (1,5 or 10) with connectivity to 1, 5 or 25 tags associated with reader and its results show that for LMAP delay varies from 30-156 msec, for RAPP from 31-188 while for kazahaya from 61-374 msec. Further, performance of RFID authentication protocols is analyzed for group construction through more than one DC (1,5 or 10) with different number of readers (10, 50 or 100) and tags associated with these readers (50, 500, 1000) and results show that DC based binary tree topology with LMAP authentication protocol is having a minimum delay for 50 or 100 readers. Other authentication protocols fail to give authentication results because of large delays in the network. Thus, RAPP and Kazahaya are not suitable for scenarios where there is large amount of increase in number of tags or readers.

A lightweight mutual authentication protocol based on elliptic curve cryptography for IoT devices

A lightweight mutual authentication protocol based on elliptic curve cryptography for IoT devices