Lightweight Remote User Authentication Research Articles

LPSRUA–MIoT: Lightweight and Provable Secure Remote User Authentication Scheme for Multi‐Gateway Computing Framework in Internet of Things

ABSTRACTInternet of Things (IoT) has evolved into a new era of information and communication technology where several day‐to‐day usable physical objects have been interconnected to form an intelligent ad‐hoc network that is deployed into various hostile environments to monitor, gather and process the surveillance data. However, there is a huge potential gap between communication in traditional wired network and wireless IoT network. IoT network is susceptible to several security threats due to their distributed and decentralized architecture, open nature of communication channel, dynamic nodal infrastructure, high possibilities of malicious penetrations, and so forth. In this scenario, a secure, efficient, and lightweight remote user authentication and key agreement scheme can play a significant role to mitigate the above‐mentioned issues and to provide well‐protected communication between the communicating entities in the IoT environment. Therefore in this paper, we have proposed a provable secure, robust and lightweight biometric‐enabled mutual authentication scheme for a multi‐gateway IoT environment using an irreversible hash function and fuzzy extractor. To support our claim, we have formally verified our scheme using the broadly accepted Random Oracle Model (ROM) and further simulated using the widely used AVISPA simulation tool. Additionally, the performance analysis in terms of computation and communication overheads of the proposed scheme is compared with other existing relevant authentication schemes that clearly shows that the proposed protocol maintains an acceptable efficiency security trade‐off for implementation in real‐life scenarios.

Design and Testbed Experiments of User Authentication and Key Establishment Mechanism for Smart Healthcare Cyber Physical Systems

Smart healthcare technologies transform the traditional healthcare system in all possible ways. Smart healthcare has enormous number of benefits over the traditional system. However, at the same time, it also suffers from some healthcare data security and privacy related issues as the potential Internet attackers may get access to the sensitive healthcare through the deployment of various kinds of attacks. To mitigate these issues, in this paper, a new lightweight remote user authentication and key establishment scheme (in short, UAKM-SH) has been proposed by making the use of lightweight cryptographic operations. The security analysis of UAKM-SH is conducted to prove its robustness against various possible attacks. A detailed comparative study among the proposed UAKM-SH and other existing schemes shows that UAKM-SH performs better in terms of computation cost, communication cost, and the offered security and functionality features. Finally, the testbed implementation of UAKM-SH is given to observe its behavior in the real time scenario.

Robust and Lightweight Remote User Authentication Mechanism for Next-Generation IoT-Based Smart Home

Robust and Lightweight Remote User Authentication Mechanism for Next-Generation IoT-Based Smart Home

An ECC-based lightweight remote user authentication and key management scheme for IoT communication in context of fog computing

An ECC-based lightweight remote user authentication and key management scheme for IoT communication in context of fog computing

A Biometric based Remote User Authentication Technique Using Smart Card in Multi-Server Environment

Remote user authentication is an efficient technique to perform secure communication over an insecure network.In this current research article, a lightweight remote user authentication scheme using smart card is proposed. The proposed scheme is a multi-server authentication mechanism where user biometric plays a prominent role. Here, the user is provided the freedom of selecting his or her service according to its requirement. Registration center selects the server according to the service selected by the user and provides a handshaking between user and server. Both user and server have to mutually authenticate each other to an authorized registration center by message passing. By this technique, finally a session key is generated which is used to perform further communication. Security analysis of the proposed method proves its robustness and comparative analysis with some existing schemes provides the superiority.

A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

Lightweight and Secure Password Based Smart Home Authentication Protocol: LSP-SHAP

Remote control his smart home from his mobile device is highly desirable for a mobile user. But, the sensor devices and the user mobile device communicate over an insecure communication channel. Therefore, various attacks are possible, such as impersonation attack, privileged-insider attack, mobile device stolen attack, and the denial of service attack. In this case, an illegal user may gain access to the data sent by the smart devices. In the literature, most of the existing schemes for the remote user authentication are not secure enough with respect to the aforementioned attacks. In addition, they are not enough lightweight at the sensor device side. Therefore, there is a need to design a new secure and lightweight remote user authentication scheme, where only the authorized users may have access to the home sensor devices. So, in this paper, we propose a new secure and lightweight remote user authentication scheme for a smart home environment. For the derivation of a robust session key, we propose to use Elliptic Curve Cryptography. The solution is lightweight for resource-constrained devices with limited resources as the gateway node will assist in deriving the session key to the sensor device. The security of the proposed solution is proved using a formal security evaluation via the Scyther tool. Also, a performance evaluation is performed to show the effectiveness of our solution.

Advanced lightweight multi-factor remote user authentication scheme for cloud-IoT applications

With the ongoing revolution of Internet-enabled devices, Internet of Things (IoT) has emerged as the most popular networking paradigm. The enormous amount of data generated from smart devices in IoT environment is one of the biggest concerns. Cloud computing has emerged as a key technology to process the generated data. The confidential data of user from IoT devices is stored in cloud server and the remote user can access this data anytime, anywhere and at any place from the cloud server. This makes remote user authentication a critical issue. This paper proposes a lightweight remote user authentication scheme for cloud-IoT applications. The formal security analysis using BAN logic and random oracle model confirms that the scheme is resilient to known security attacks. Furthermore, the scheme is formally verified using AVISPA tool which confirms the security against multiple security attacks.

Lightweight remote user authentication protocol for multi-server 5G networks using self-certified public key cryptography

Due to small cell deployments and multiple servers in 5G networks, a fast and anonymous mutual authentication protocol needs to be developed for complex 5G networks. In this paper, we propose a lightweight and untraceable authentication protocol for multi-server-based 5G networks. To reduce computational complexity, we employ self-certified public key cryptography based on elliptic curve cryptography to authenticate the validation of users and servers. Without pairing operations, our scheme could improve performance efficiency. Also, a formal security model is designed to prove that our protocol is secure against forgery attack due to the discrete logarithm and the computational Diffie-Hellman problem. Performance analysis further shows that our protocol has a lower communication and computational overhead. Also, our protocol could support anonymous mutual authentication.

Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment

The Internet of Drones (IoD) provides a coordinated access to unmanned aerial vehicles that are referred as drones. The on-going miniaturization of sensors, actuators, and processors with ubiquitous wireless connectivity makes drones to be used in a wide range of applications ranging from military to civilian. Since most of the applications involved in the IoD are real-time based, the users are generally interested in accessing real-time information from drones belonging to a particular fly zone. This happens if we allow users to directly access real-time data from flying drones inside IoD environment and not from the server. This is a serious security breach which may deteriorate performance of any implemented solution in this IoD environment. To address this important issue in IoD, we propose a novel lightweight user authentication scheme in which a user in the IoD environment needs to access data directly from a drone provided that the user is authorized to access the data from that drone. The formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool along with informal security analysis show that our scheme is secure against several known attacks. The performance comparison demonstrates that our scheme is efficient with respect to various parameters, and it provides better security as compared to those for the related existing schemes. Finally, the practical demonstration of our scheme is done using the widely accepted NS2 simulation.

On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services

Secure and efficient lightweight user authentication protocol for mobile cloud computing becomes a paramount concern due to the data sharing using Internet among the end users and mobile devices. Mutual authentication of a mobile user and cloud service provider is necessary for accessing of any cloud services. However, resource constraint nature of mobile devices makes this task more challenging. In this paper, we propose a new secure and lightweight mobile user authentication scheme for mobile cloud computing, based on cryptographic hash, bitwise XOR, and fuzzy extractor functions. Through informal security analysis and rigorous formal security analysis using random oracle model, it has been demonstrated that the proposed scheme is secure against possible well-known passive and active attacks and also provides user anonymity. Moreover, we provide formal security verification through ProVerif 1.93 simulation for the proposed scheme. Also, we have done authentication proof of our proposed scheme using the Burrows-Abadi-Needham logic. Since the proposed scheme does not exploit any resource constrained cryptosystem, it has the lowest computation cost in compare to existing related schemes. Furthermore, the proposed scheme does not involve registration center in the authentication process, for which it is having lowest communication cost compared with existing related schemes.