1
|
Ju S, Park Y. Provably Secure Lightweight Mutual Authentication and Key Agreement Scheme for Cloud-Based IoT Environments. SENSORS (BASEL, SWITZERLAND) 2023; 23:9766. [PMID: 38139612 PMCID: PMC10747996 DOI: 10.3390/s23249766] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [Grants] [Track Full Text] [Subscribe] [Scholar Register] [Received: 11/10/2023] [Revised: 12/01/2023] [Accepted: 12/08/2023] [Indexed: 12/24/2023]
Abstract
A paradigm that combines cloud computing and the Internet of Things (IoT) allows for more impressive services to be provided to users while addressing storage and computational resource issues in the IoT environments. This cloud-based IoT environment has been used in various industries, including public services, for quite some time, and has been researched in academia. However, various security issues can arise during the communication between IoT devices and cloud servers, because communication between devices occurs in open channels. Moreover, issues such as theft of a user's IoT device or extraction of key parameters from the user's device in a remote location can arise. Researchers interested in these issues have proposed lightweight mutual authentication key agreement protocols that are safe and suitable for IoT environments. Recently, a lightweight authentication scheme between IoT devices and cloud servers has been presented. However, we found out their scheme had various security vulnerabilities, vulnerable to insider, impersonation, verification table leakage, and privileged insider attacks, and did not provide users with untraceability. To address these flaws, we propose a provably secure lightweight authentication scheme. The proposed scheme uses the user's biometric information and the cloud server's secret key to prevent the exposure of key parameters. Additionally, it ensures low computational costs for providing users with real-time and fast services using only exclusive OR operations and hash functions in the IoT environments. To analyze the safety of the proposed scheme, we use informal security analysis, Burrows-Abadi-Needham (BAN) logic and a Real-or-Random (RoR) model. The analysis results confirm that our scheme is secure against insider attacks, impersonation attacks, stolen verifier attacks, and so on; furthermore, it provides additional security elements. Simultaneously, it has been verified to possess enhanced communication costs, and total bit size has been shortened to 3776 bits, which is improved by almost 6% compared to Wu et al.'s scheme. Therefore, we demonstrate that the proposed scheme is suitable for cloud-based IoT environments.
Collapse
Affiliation(s)
| | - Yohan Park
- Department of Computer Engineering, College of Engineering, Keimyung University, Daegu 42601, Republic of Korea;
| |
Collapse
|
2
|
On the Security of a Lightweight and Secure Access Authentication Scheme for Both UE and mMTC Devices in 5G Networks. APPLIED SCIENCES-BASEL 2022. [DOI: 10.3390/app12094265] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/16/2022]
Abstract
The Internet of Things (IoT) and 5G networks play important roles in the latest systems for managing and monitoring various types of data. These 5G based IoT environments collect various data in real-time using micro-sensors as IoT things devices and sends the collected data to a server for further processing. In this scenario, a secure authentication and key agreement scheme is needed to ensure privacy when exchanging data between IoT nodes and the server. Recently, Cao et al. in “LSAA: A lightweight and secure access authentication scheme for both UE and mMTC devices in 5G networks” presented a new authentication scheme to protect user privacy. They contend that their scheme not only prevents various protocol attacks, but also achieves mutual authentication, session key security, unlinkability, and perfect forward/backward secrecy. This paper demonstrates critical security weaknesses of their scheme using informal and formal (mathemati) analysis: it does not prevent a single point of failure and impersonation attacks. Further, their proposed scheme does not achieve mutual authentication and correctness of security assumptions, and we perform simulation analysis using a formal verification tool to its security flaws. To ensure attack resilience, we put forward some solutions that can assist constructing more secure and efficient access authentication scheme for 5G networks.
Collapse
|
3
|
ES-HAS: ECC-Based Secure Handover Authentication Scheme for Roaming Mobile User in Global Mobility Networks. CRYPTOGRAPHY 2021. [DOI: 10.3390/cryptography5040035] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/16/2022]
Abstract
The design and implementation of two-factor schemes designed for roaming mobile users for global mobility networks in smart cities requires attention to protect the scheme from various security attacks, such as the replay attack, impersonation attack, man-in-the-middle attack, password-guessing attack and stolen-smart-card attack. In addition to these attacks, the scheme should achieve user anonymity, unlinkability and perfect forward secrecy. In the roaming scenario, as mobile users are connected to the foreign network, mobile users must provide authentication details to the foreign network to which they are connected. The foreign network forwards the authentication messages received from the mobile users to their home network. The home network validates the authenticity of the mobile user. In the roaming scenario, all communication between the three entities is carried over an insecure channel. It is assumed that the adversary has the capabilities to intercept the messages transmitted over an insecure channel. Hence, the authentication scheme designed must be able to resist the above-mentioned security attacks and achieve the security goals. Our proposed scheme ES-HAS (elliptic curve-based secure handover authentication scheme) is a two-factor authentication scheme in which the mobile user possesses the password, and the smart card resists the above-mentioned security attacks. It also achieves the above-mentioned security goals. We also extended our two-factor authentication to a multi-factor authentication scheme using the fingerprint biometric technique. The formal security analysis using BAN logic and the formal security verification of the proposed scheme using the widely accepted AVISPA (automated validation of internet security protocols and applications) tool is presented in this article. In comparison with the related schemes, the proposed scheme is more efficient and robust. This makes the proposed scheme suitable for practical implementation.
Collapse
|
4
|
Lin Y, Wang X, Gan Q, Yao M. A secure cross-domain authentication scheme with perfect forward security and complete anonymity in fog computing. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2021. [DOI: 10.1016/j.jisa.2021.103022] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 10/20/2022]
|
5
|
Abbas G, Tanveer M, Abbas ZH, Waqas M, Baker T, Al-Jumeily OBE D. A secure remote user authentication scheme for 6LoWPAN-based Internet of Things. PLoS One 2021; 16:e0258279. [PMID: 34748568 PMCID: PMC8575280 DOI: 10.1371/journal.pone.0258279] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Reference Citation Analysis] [Abstract] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/30/2021] [Accepted: 09/22/2021] [Indexed: 11/18/2022] Open
Abstract
One of the significant challenges in the Internet of Things (IoT) is the provisioning of guaranteed security and privacy, considering the fact that IoT devices are resource-limited. Oftentimes, in IoT applications, remote users need to obtain real-time data, with guaranteed security and privacy, from resource-limited network nodes through the public Internet. For this purpose, the users need to establish a secure link with the network nodes. Though the IPv6 over low-power wireless personal area networks (6LoWPAN) adaptation layer standard offers IPv6 compatibility for resource-limited wireless networks, the fundamental 6LoWPAN structure ignores security and privacy characteristics. Thus, there is a pressing need to design a resource-efficient authenticated key exchange (AKE) scheme for ensuring secure communication in 6LoWPAN-based resource-limited networks. This paper proposes a resource-efficient secure remote user authentication scheme for 6LoWPAN-based IoT networks, called SRUA-IoT. SRUA-IoT achieves the authentication of remote users and enables the users and network entities to establish private session keys between themselves for indecipherable communication. To this end, SRUA-IoT uses a secure hash algorithm, exclusive-OR operation, and symmetric encryption primitive. We prove through informal security analysis that SRUA-IoT is secured against a variety of malicious attacks. We also prove the security strength of SRUA-IoT through formal security analysis conducted by employing the random oracle model. Additionally, we prove through Scyther-based validation that SRUA-IoT is resilient against various attacks. Likewise, we demonstrate that SRUA-IoT reduces the computational cost of the nodes and communication overheads of the network.
Collapse
Affiliation(s)
- Ghulam Abbas
- Faculty of Computer Science and Engineering, GIK Institute of Engineering Sciences and Technology, Topi, Pakistan
- Telecommunications and Networking Research Center, GIK Institute of Engineering Sciences and Technology, Topi, Pakistan
| | - Muhammad Tanveer
- Telecommunications and Networking Research Center, GIK Institute of Engineering Sciences and Technology, Topi, Pakistan
| | - Ziaul Haq Abbas
- Faculty of Electrical Engineering, GIK Institute of Engineering Sciences and Technology, Topi, Pakistan
| | - Muhammad Waqas
- Engineering Research Center of Intelligent Perception and Autonomous Control, Faculty of Information Technology, Beijing University of Technology, Beijing, China
| | - Thar Baker
- Department of Computer Science, University of Sharjah, Sharjah, United Arab Emirates
| | - Dhiya Al-Jumeily OBE
- School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool, United Kingdom
- * E-mail:
| |
Collapse
|
6
|
How to Design a Secure Anonymous Authentication and Key Agreement Protocol for Multi-Server Environments and Prove Its Security. Symmetry (Basel) 2021. [DOI: 10.3390/sym13091629] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/16/2022] Open
Abstract
An anonymous authentication and key agreement (AAKA) protocol provides anonymous members symmetric authentication and establishes a symmetric session key for secure communication in public networks. Today, numerous popular remote services are based on multi-server architecture, such as the internet of things (IoT), smart cities, cloud services, vehicular ad hoc networks (VANET), and telecare medicine information systems (TMIS). Many researchers have attempted to design AAKA protocols in multi-server environments for various applications. However, many of these have security defects, even if they have so-called “formal” security proofs. In this paper, we analyze related AAKA protocols to identify the common design defects, expound the process of designing secure AAKA protocols, and explain why the present AAKA protocols still suffer attacks, despite having security proofs. We instruct readers on how to design a secure AAKA protocol and how to prove the security. This paper will therefore be helpful for the design of new AAKA protocols, and for ensuring their security.
Collapse
|
7
|
CAKE: Compatible Authentication and Key Exchange Protocol for a Smart City in 5G Networks. Symmetry (Basel) 2021. [DOI: 10.3390/sym13040698] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/17/2022] Open
Abstract
In a smart city, there are different types of entities, such as nature persons, IoT devices, and service providers, which have different computational limitations and storage limitations. Unfortunately, all of the existing authentication and key exchange (AKE) protocols are designed for either client–server or client–client authentication, including the ones designed for smart cities. In this paper, we present the idea of a compatible authentication and key exchange (CAKE) protocol which provides cross-species authentication. We propose the first CAKE protocol for a smart city that any two valid entities can authenticate with each other and create a secure session key without the help of any third party, while there is also no password table and no public key issuing problem. The entity can be a natural person having biometrics, an IoT device embedded with a physical unclonable function (PUF), or a service provider. Moreover, we extend the CAKE protocol to an anonymous CAKE (ACAKE) protocol, which provides natural persons an anonymous option to protect their privacy. In addition, both the proposed CAKE and ACAKE protocols can deal with the entity revocation problem. We define the framework and the security model of CAKE and ACAKE protocols. Under the security model, we formally prove that the proposed protocols are secure under the elliptic curve computational Diffie–Hellman (ECCDH) problem, the decisional bilinear Diffie–Hellman (DBDH) problem, and hash function assumptions. Comparisons with the related protocols are conducted to demonstrate the benefits of our protocols. Performance analysis is conducted and the experience results show that the proposed protocols are practical in a smart city.
Collapse
|
8
|
A Lightweight Three-Factor Authentication Scheme for WHSN Architecture. SENSORS 2020; 20:s20236860. [PMID: 33266197 PMCID: PMC7730542 DOI: 10.3390/s20236860] [Citation(s) in RCA: 9] [Impact Index Per Article: 2.3] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 10/29/2020] [Revised: 11/23/2020] [Accepted: 11/24/2020] [Indexed: 12/02/2022]
Abstract
Wireless Healthcare Sensor Network (WHSN) is a benchmarking technology deployed to levitate the quality of lives for the patients and doctors. WHSN systems must fit IEEE 802.15.6 standard for specific application criteria, unlike some standard criteria that are difficult to meet. Therefore, many security models were suggested to enhance the security of the WHSN and promote system performance. Yu and Park proposed a three-factor authentication scheme based on the smart card, biometric, and password, and their scheme can be easily employed in three-tier WHSN architecture. Furthermore, they claimed that their scheme can withstand guessing attack and provide anonymity, although, after cryptanalysis, we found that their scheme lacks both. Accordingly, we suggested a three-factor authentication scheme with better system confusion due to multiplex parametric features, hash function, and higher key size to increase the security and achieve anonymity for the connected nodes. Moreover, the scheme included initialization, authentication, re-authentication, secure node addition, user revocation, and secure data transmission via blockchain technology. The formal analysis of the scheme was conducted by BAN logic (Burrows Abadi Nadeem) and the simulation was carried out by Tamarin prover to validate that the proposed scheme is resistant to replay, session hijacking, and guessing attacks, plus it provides anonymity, perfect forward secrecy, and authentication along with the key agreement.
Collapse
|
9
|
Wang D, Wang P, Wang C. Efficient Multi-Factor User Authentication Protocol with Forward Secrecy for Real-Time Data Access in WSNs. ACM TRANSACTIONS ON CYBER-PHYSICAL SYSTEMS 2020. [DOI: 10.1145/3325130] [Citation(s) in RCA: 10] [Impact Index Per Article: 2.5] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 10/24/2022]
Abstract
It is challenging to design a secure and efficient multi-factor authentication scheme for real-time data access in wireless sensor networks. On the one hand, such real-time applications are generally security critical, and various security goals need to be met. On the other hand, sensor nodes and users’ mobile devices are typically of a resource-constrained nature, and expensive cryptographic primitives cannot be used. In this work, we first revisit four foremost multi-factor authentication schemes (i.e., those of Amin et al. (JNCA’18), Srinivas et al. (IEEE TDSC’18), Li et al. (JNCA’18), and Li et al. (IEEE TII’18)) and use them as case studies to reveal the difficulties and challenges in designing a multi-factor authentication scheme for wireless sensor networks correctly. We identify the root causes for their failures in achieving truly multi-factor security and forward secrecy. We further propose a robust multi-factor authentication scheme that makes use of the imbalanced computational nature of the RSA cryptosystem, particularly suitable for scenarios where sensor nodes (but not the user’s device) are the main energy bottleneck. Comparison results demonstrate the superiority of our scheme. As far as we know, it is the first two-factor authentication scheme for real-time data access in WSNs that can satisfy all 12 criteria of the state-of-the-art evaluation metric under the harshest adversary model so far.
Collapse
Affiliation(s)
| | | | - Chenyu Wang
- Beijing University of Posts and Telecommunications, Beijing, China
| |
Collapse
|
10
|
SLUA-WSN: Secure and Lightweight Three-Factor-Based User Authentication Protocol for Wireless Sensor Networks. SENSORS 2020; 20:s20154143. [PMID: 32722503 PMCID: PMC7436245 DOI: 10.3390/s20154143] [Citation(s) in RCA: 15] [Impact Index Per Article: 3.8] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 06/11/2020] [Revised: 07/15/2020] [Accepted: 07/24/2020] [Indexed: 11/17/2022]
Abstract
Wireless sensor networks (WSN) are composed of multiple sensor nodes with limited storage, computation, power, and communication capabilities and are widely used in various fields such as banks, hospitals, institutes to national defense, research, and so on. However, useful services are susceptible to security threats because sensitive data in various fields are exchanged via a public channel. Thus, secure authentication protocols are indispensable to provide various services in WSN. In 2019, Mo and Chen presented a lightweight secure user authentication scheme in WSN. We discover that Mo and Chen's scheme suffers from various security flaws, such as session key exposure and masquerade attacks, and does not provide anonymity, untraceability, and mutual authentication. To resolve the security weaknesses of Mo and Chen's scheme, we propose a secure and lightweight three-factor-based user authentication protocol for WSN, called SLUA-WSN. The proposed SLUA-WSN can prevent security threats and ensure anonymity, untraceability, and mutual authentication. We analyze the security of SLUA-WSN through the informal and formal analysis, including Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Moreover, we compare the performance of SLUA-WSN with some existing schemes. The proposed SLUA-WSN better ensures the security and efficiency than previous proposed scheme and is suitable for practical WSN applications.
Collapse
|
11
|
Research of Security Routing Protocol for UAV Communication Network Based on AODV. ELECTRONICS 2020. [DOI: 10.3390/electronics9081185] [Citation(s) in RCA: 6] [Impact Index Per Article: 1.5] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/16/2022]
Abstract
With the rapid development of information technology and the increasing application of UAV in various fields, the security problems of unmanned aerial vehicle (UAV) communication network have become increasingly prominent. It has become an important scientific challenge to design a routing protocol that can provide efficient and reliable node to node packet transmission. In this paper, an efficient Digital Signature algorithm based on the elliptic curve cryptosystem is applied to routing protocol, and an improved security method suitable for on-demand routing protocol is proposed. The UAV communication network was simulated through the NS2 simulation platform, and the execution efficiency and safety of the improved routing protocol were analyzed. In the simulation experiment, the routing protocols of ad-hoc on demand distance vector (AODV), security ad-hoc on demand distance vector (SAODV), and improved security ad-hoc on demand distance vector (ISAODV) are compared in terms of the performance indicators of packet delivery rate, throughput, and end-to-end delay under normal conditions and when attacked by malicious nodes. The simulation results show that the improved routing protocol can effectively improve the security of the UAV communication network.
Collapse
|
12
|
Lee H, Kang D, Ryu J, Won D, Kim H, Lee Y. A three-factor anonymous user authentication scheme for Internet of Things environments. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2020. [DOI: 10.1016/j.jisa.2020.102494] [Citation(s) in RCA: 18] [Impact Index Per Article: 4.5] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/27/2022]
|
13
|
A Secure and Efficient Three-Factor Authentication Protocol in Global Mobility Networks. APPLIED SCIENCES-BASEL 2020. [DOI: 10.3390/app10103565] [Citation(s) in RCA: 12] [Impact Index Per Article: 3.0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/16/2022]
Abstract
With the developments in communication and mobile technologies, mobile users can access roaming services by utilizing a mobile device at any time and any place in the global mobility networks. However, these require several security requirements, such as authentication and anonymity, because the information is transmitted over an open channel. Thus, secure and efficient authentication protocols are essential to provide secure roaming services for legitimate users. In 2018, Madhusudhan et al. presented a secure authentication protocol for global mobile networks. However, we demonstrated that their protocol could not prevent potential attacks, including masquerade, session key disclosure, and replay attacks. Thus, we proposed a secure and efficient three-factor authentication protocol to overcome the security weaknesses of Madhusudhan et al.’s scheme. The proposed scheme was demonstrated to prevent various attacks and provided a secure mutual authentication by utilizing biometrics and secret parameters. We evaluated the security of the proposed protocol using informal security analysis and formal security analysis, such as the real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic. In addition, we showed that our scheme withstands man-in-the-middle (MITM) and replay attacks utilizing formal security validation automated validation of internet security protocols and applications (AVISPA) simulation. Finally, we compared the performance of our protocol with existing schemes. Consequently, our scheme ensured better security and efficiency features than existing schemes and can be suitable for resource-constrained mobile environments.
Collapse
|
14
|
Kim M, Yu S, Lee J, Park Y, Park Y. Design of Secure Protocol for Cloud-Assisted Electronic Health Record System Using Blockchain. SENSORS 2020; 20:s20102913. [PMID: 32455635 PMCID: PMC7284443 DOI: 10.3390/s20102913] [Citation(s) in RCA: 15] [Impact Index Per Article: 3.8] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 04/15/2020] [Revised: 05/19/2020] [Accepted: 05/20/2020] [Indexed: 11/16/2022]
Abstract
In the traditional electronic health record (EHR) management system, each medical service center manages their own health records, respectively, which are difficult to share on the different medical platforms. Recently, blockchain technology is one of the popular alternatives to enable medical service centers based on different platforms to share EHRs. However, it is hard to store whole EHR data in blockchain because of the size and the price of blockchain. To resolve this problem, cloud computing is considered as a promising solution. Cloud computing offers advantageous properties such as storage availability and scalability. Unfortunately, the EHR system with cloud computing can be vulnerable to various attacks because the sensitive data is sent over a public channel. We propose the secure protocol for cloud-assisted EHR system using blockchain. In the proposed scheme, blockchain technology is used to provide data integrity and access control using log transactions and the cloud server stores and manages the patient’s EHRs to provide secure storage resources. We use an elliptic curve cryptosystems (ECC) to provide secure health data sharing with cloud computing. We demonstrate that the proposed EHR system can prevent various attacks by using informal security analysis and automated validation of internet security protocols and applications (AVISPA) simulation. Furthermore, we prove that the proposed EHR system provides secure mutual authentication using BAN logic analysis. We then compare the computation overhead, communication overhead, and security properties with existing schemes. Consequently, the proposed EHR system is suitable for the practical healthcare system considering security and efficiency.
Collapse
Affiliation(s)
- MyeongHyun Kim
- School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea; (M.K.); (J.L.)
| | - SungJin Yu
- School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea; (M.K.); (J.L.)
- Correspondence: (S.Y.); (Y.P.); Tel.: +82-53-950-7842 (Y.P.)
| | - JoonYoung Lee
- School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea; (M.K.); (J.L.)
| | - YoHan Park
- School of Computer Engineering, Keimyung University, Daegu 42601, Korea;
| | - YoungHo Park
- School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea; (M.K.); (J.L.)
- Correspondence: (S.Y.); (Y.P.); Tel.: +82-53-950-7842 (Y.P.)
| |
Collapse
|
15
|
Privacy-Preserving Lightweight Authentication Protocol for Demand Response Management in Smart Grid Environment. APPLIED SCIENCES-BASEL 2020. [DOI: 10.3390/app10051758] [Citation(s) in RCA: 21] [Impact Index Per Article: 5.3] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/16/2022]
Abstract
With the development in wireless communication and low-power device, users can receive various useful services such as electric vehicle (EV) charging, smart building, and smart home services at anytime and anywhere in smart grid (SG) environments. The SG devices send demand of electricity to the remote control center and utility center (UC) to use energy services, and UCs handle it for distributing electricity efficiently. However, in SG environments, the transmitted messages are vulnerable to various attacks because information related to electricity is transmitted over an insecure channel. Thus, secure authentication and key agreement are essential to provide secure energy services for legitimate users. In 2019, Kumar et al. presented a secure authentication protocol for demand response management in the SG system. However, we demonstrate that their protocol is insecure against masquerade, the SG device stolen, and session key disclosure attacks and does not ensure secure mutual authentication. Thus, we propose a privacy-preserving lightweight authentication protocol for demand response management in the SG environments to address the security shortcomings of Kumar et al.’s protocol. The proposed protocol withstands various attacks and ensures secure mutual authentication and anonymity. We also evaluated the security features of the proposed scheme using informal security analysis and proved the session key security of proposed scheme using the ROR model. Furthermore, we showed that the proposed protocol achieves secure mutual authentication between the SG devices and the UC using Burrows–Abadi–Needham (BAN) logic analysis. We also demonstrated that our authentication protocol prevents man-in-the-middle and replay attacks utilizing AVISPA simulation tool and compared the performance analysis with other existing protocols. Therefore, the proposed scheme provides superior safety and efficiency other than existing related protocols and can be suitable for practical SG environments.
Collapse
|
16
|
Efficient and Flexible Multi-Factor Authentication Protocol Based on Fuzzy Extractor of Administrator’s Fingerprint and Smart Mobile Device. CRYPTOGRAPHY 2019. [DOI: 10.3390/cryptography3030024] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.4] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/17/2022]
Abstract
In an era of tremendous development in information technology and the Internet of Things (IoT), security plays a key role in safety devices connected with the Internet. Authentication is vital in the security field, and to achieve a strong authentication scheme, there are several systems using a Multi-Factor Authentication (MFA) scheme based on a smart card, token, and biometric. However, these schemes have suffered from the extra cost; lost, stolen or broken factor, and malicious attacks. In this paper, we design an MFA protocol to be the authenticated administrator of IoT’s devices. The main components of our protocol are a smart mobile device and the fuzzy extractor of the administrator’s fingerprint. The information of the authenticated user is stored in an anomalous manner in mobile devices and servers to resist well-known attacks, and, as a result, the attacker fails to authenticate the system when they obtain a mobile device or password. Our work overcomes the above-mentioned issues and does not require extra cost for a fingerprint device. By using the AVISPA tool to analysis protocol security, the results are good and safe against known attacks.
Collapse
|
17
|
Yu S, Park K, Park Y. A Secure Lightweight Three-Factor Authentication Scheme for IoT in Cloud Computing Environment. SENSORS 2019; 19:s19163598. [PMID: 31430911 PMCID: PMC6720725 DOI: 10.3390/s19163598] [Citation(s) in RCA: 30] [Impact Index Per Article: 6.0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 07/01/2019] [Revised: 08/13/2019] [Accepted: 08/16/2019] [Indexed: 11/17/2022]
Abstract
With the development of cloud computing and communication technology, users can access the internet of things (IoT) services provided in various environments, including smart home, smart factory, and smart healthcare. However, a user is insecure various types of attacks, because sensitive information is often transmitted via an open channel. Therefore, secure authentication schemes are essential to provide IoT services for legal users. In 2019, Pelaez et al. presented a lightweight IoT-based authentication scheme in cloud computing environment. However, we prove that Pelaez et al.’s scheme cannot prevent various types of attacks such as impersonation, session key disclosure, and replay attacks and cannot provide mutual authentication and anonymity. In this paper, we present a secure and lightweight three-factor authentication scheme for IoT in cloud computing environment to resolve these security problems. The proposed scheme can withstand various attacks and provide secure mutual authentication and anonymity by utilizing secret parameters and biometric. We also show that our scheme achieves secure mutual authentication using Burrows–Abadi–Needham logic analysis. Furthermore, we demonstrate that our scheme resists replay and man-in-the-middle attacks usingthe automated validation of internet security protocols and applications (AVISPA) simulation tool. Finally, we compare the performance and the security features of the proposed scheme with some existing schemes. Consequently, we provide better safety and efficiency than related schemes and the proposed scheme is suitable for practical IoT-based cloud computing environment.
Collapse
Affiliation(s)
- SungJin Yu
- School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea
| | - KiSung Park
- School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea
| | - YoungHo Park
- School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea.
| |
Collapse
|
18
|
Secure Three-Factor Authentication Protocol for Multi-Gateway IoT Environments. SENSORS 2019; 19:s19102358. [PMID: 31121895 PMCID: PMC6566155 DOI: 10.3390/s19102358] [Citation(s) in RCA: 37] [Impact Index Per Article: 7.4] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 03/28/2019] [Revised: 05/18/2019] [Accepted: 05/20/2019] [Indexed: 11/28/2022]
Abstract
Internet of Things (IoT) environments such as smart homes, smart factories, and smart buildings have become a part of our lives. The services of IoT environments are provided through wireless networks to legal users. However, the wireless network is an open channel, which is insecure to attacks from adversaries such as replay attacks, impersonation attacks, and invasions of privacy. To provide secure IoT services to users, mutual authentication protocols have attracted much attention as consequential security issues, and numerous protocols have been studied. In 2017, Bae et al. presented a smartcard-based two-factor authentication protocol for multi-gateway IoT environments. However, we point out that Bae et al.’s protocol is vulnerable to user impersonation attacks, gateway spoofing attacks, and session key disclosure, and cannot provide a mutual authentication. In addition, we propose a three-factor mutual authentication protocol for multi-gateway IoT environments to resolve these security weaknesses. Then, we use Burrows–Abadi–Needham (BAN) logic to prove that the proposed protocol achieves secure mutual authentication, and we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to analyze a formal security verification. In conclusion, our proposed protocol is secure and applicable in multi-gateway IoT environments.
Collapse
|
19
|
A Lightweight Three-Factor Authentication and Key Agreement Scheme in Wireless Sensor Networks for Smart Homes. SENSORS 2019; 19:s19092012. [PMID: 31035690 PMCID: PMC6539327 DOI: 10.3390/s19092012] [Citation(s) in RCA: 31] [Impact Index Per Article: 6.2] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 03/29/2019] [Revised: 04/20/2019] [Accepted: 04/24/2019] [Indexed: 11/17/2022]
Abstract
A wireless sensor network (WSN) is used for a smart home system’s backbone that monitors home environment and controls smart home devices to manage lighting, heating, security and surveillance. However, despite its convenience and potential benefits, there are concerns about various security threats that may infringe on privacy and threaten our home life. For protecting WSNs for smart homes from those threats, authentication and key agreement are basic security requirements. There have been a large number of proposed authentication and key agreement scheme for WSNs. In 2017, Jung et al. proposed an efficient and security enhanced anonymous authentication with key agreement scheme by employing biometrics information as the third authentication factor. They claimed that their scheme resists on various security attacks and satisfies basic security requirements. However, we have discovered that Jung et al.’s scheme possesses some security weaknesses. Their scheme cannot guarantee security of the secret key of gateway node and security of session key and protection against user tracking attack, information leakage attack, and user impersonation attack. In this paper, we describe how those security weaknesses occur and propose a lightweight three-factor authentication and key agreement scheme in WSNs for smart homes, as an improved version of Jung et al.’s scheme. We then present a detailed analysis of the security and performance of the proposed scheme and compare the analysis results with other related schemes.
Collapse
|
20
|
Ryu J, Lee H, Kim H, Won D. Secure and Efficient Three-Factor Protocol for Wireless Sensor Networks. SENSORS 2018; 18:s18124481. [PMID: 30567374 PMCID: PMC6308603 DOI: 10.3390/s18124481] [Citation(s) in RCA: 18] [Impact Index Per Article: 3.0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 11/08/2018] [Revised: 12/12/2018] [Accepted: 12/14/2018] [Indexed: 12/02/2022]
Abstract
Wireless sensor networks are widely used in many applications such as environmental monitoring, health care, smart grid and surveillance. Many security protocols have been proposed and intensively studied due to the inherent nature of wireless networks. In particular, Wu et al. proposed a promising authentication scheme which is sufficiently robust against various attacks. However, according to our analysis, Wu et al.’s scheme has two serious security weaknesses against malicious outsiders. First, their scheme can lead to user impersonation attacks. Second, user anonymity is not preserved in their scheme. In this paper, we present these vulnerabilities of Wu et al.’s scheme in detail. We also propose a new scheme to complement their weaknesses. We improve and speed up the vulnerability of the Wu et al. scheme. Security analysis is analyzed by Proverif and informal analysis is performed for various attacks.
Collapse
Affiliation(s)
- Jihyeon Ryu
- Department of Platform Software, Sungkyunkwan University, Gyeonggi-do 16419, Korea.
| | - Hakjun Lee
- Department of Electrical and Computer Engineering, Sungkyunkwan University, Gyeonggi-do 16419, Korea.
| | - Hyoungshick Kim
- Department of Computer Engineering, Sungkyunkwan University, Gyeonggi-do 16419, Korea.
| | - Dongho Won
- Department of Computer Engineering, Sungkyunkwan University, Gyeonggi-do 16419, Korea.
| |
Collapse
|
21
|
Secure Authentication Protocol for Wireless Sensor Networks in Vehicular Communications. SENSORS 2018; 18:s18103191. [PMID: 30248898 PMCID: PMC6209973 DOI: 10.3390/s18103191] [Citation(s) in RCA: 43] [Impact Index Per Article: 7.2] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 07/27/2018] [Revised: 09/18/2018] [Accepted: 09/18/2018] [Indexed: 11/19/2022]
Abstract
With wireless sensor networks (WSNs), a driver can access various useful information for convenient driving, such as traffic congestion, emergence, vehicle accidents, and speed. However, a driver and traffic manager can be vulnerable to various attacks because such information is transmitted through a public channel. Therefore, secure mutual authentication has become an important security issue, and many authentication schemes have been proposed. In 2017, Mohit et al. proposed an authentication protocol for WSNs in vehicular communications to ensure secure mutual authentication. However, their scheme cannot resist various attacks such as impersonation and trace attacks, and their scheme cannot provide secure mutual authentication, session key security, and anonymity. In this paper, we propose a secure authentication protocol for WSNs in vehicular communications to resolve the security weaknesses of Mohit et al.’s scheme. Our authentication protocol prevents various attacks and achieves secure mutual authentication and anonymity by using dynamic parameters that are changed every session. We prove that our protocol provides secure mutual authentication by using the Burrows–Abadi–Needham logic, which is a widely accepted formal security analysis. We perform a formal security verification by using the well-known Automated Validation of Internet Security Protocols and Applications tool, which shows that the proposed protocol is safe against replay and man-in-the-middle attacks. We compare the performance and security properties of our protocol with other related schemes. Overall, the proposed protocol provides better security features and a comparable computation cost. Therefore, the proposed protocol can be applied to practical WSNs-based vehicular communications.
Collapse
|
22
|
A Multi-Server Two-Factor Authentication Scheme with Un-Traceability Using Elliptic Curve Cryptography. SENSORS 2018; 18:s18072394. [PMID: 30041475 PMCID: PMC6068574 DOI: 10.3390/s18072394] [Citation(s) in RCA: 25] [Impact Index Per Article: 4.2] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 07/02/2018] [Revised: 07/18/2018] [Accepted: 07/20/2018] [Indexed: 11/17/2022]
Abstract
To provide secure communication, the authentication-and-key-agreement scheme plays a vital role in multi-server environments, Internet of Things (IoT), wireless sensor networks (WSNs), etc. This scheme enables users and servers to negotiate for a common session initiation key. Our proposal first analyzes Amin et al.’s authentication scheme based on RSA and proves that it cannot provide perfect forward secrecy and user un-traceability, and is susceptible to offline password guessing attack and key-compromise user impersonation attack. Secondly, we provide that Srinivas et al.’s multi-server authentication scheme is not secured against offline password guessing attack and key-compromise user impersonation attack, and is unable to ensure user un-traceability. To remedy such limitations and improve computational efficiency, we present a multi-server two-factor authentication scheme using elliptic curve cryptography (ECC). Subsequently, employing heuristic analysis and Burrows–Abadi–Needham logic (BAN-Logic) proof, it is proven that the presented scheme provides security against all known attacks, and in particular provides user un-traceability and perfect forward security. Finally, appropriate comparisons with prevalent works demonstrate the robustness and feasibility of the presented solution in multi-server environments.
Collapse
|
23
|
Parrilla L, Castillo E, López-Ramos JA, Álvarez-Bermejo JA, García A, Morales DP. Unified Compact ECC-AES Co-Processor with Group-Key Support for IoT Devices in Wireless Sensor Networks. SENSORS 2018; 18:s18010251. [PMID: 29337921 PMCID: PMC5795697 DOI: 10.3390/s18010251] [Citation(s) in RCA: 15] [Impact Index Per Article: 2.5] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 12/12/2017] [Revised: 01/04/2018] [Accepted: 01/12/2018] [Indexed: 11/30/2022]
Abstract
Security is a critical challenge for the effective expansion of all new emerging applications in the Internet of Things paradigm. Therefore, it is necessary to define and implement different mechanisms for guaranteeing security and privacy of data interchanged within the multiple wireless sensor networks being part of the Internet of Things. However, in this context, low power and low area are required, limiting the resources available for security and thus hindering the implementation of adequate security protocols. Group keys can save resources and communications bandwidth, but should be combined with public key cryptography to be really secure. In this paper, a compact and unified co-processor for enabling Elliptic Curve Cryptography along to Advanced Encryption Standard with low area requirements and Group-Key support is presented. The designed co-processor allows securing wireless sensor networks with independence of the communications protocols used. With an area occupancy of only 2101 LUTs over Spartan 6 devices from Xilinx, it requires 15% less area while achieving near 490% better performance when compared to cryptoprocessors with similar features in the literature.
Collapse
Affiliation(s)
- Luis Parrilla
- Dpto. Electrónica y Tecnología de Computadores, Universidad de Granada, 18071 Granada, Spain.
| | - Encarnación Castillo
- Dpto. Electrónica y Tecnología de Computadores, Universidad de Granada, 18071 Granada, Spain.
| | | | | | - Antonio García
- Dpto. Electrónica y Tecnología de Computadores, Universidad de Granada, 18071 Granada, Spain.
| | - Diego P Morales
- Dpto. Electrónica y Tecnología de Computadores, Universidad de Granada, 18071 Granada, Spain.
| |
Collapse
|
24
|
An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks. SENSORS 2017; 17:s17122946. [PMID: 29257066 PMCID: PMC5750781 DOI: 10.3390/s17122946] [Citation(s) in RCA: 45] [Impact Index Per Article: 6.4] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 11/11/2017] [Revised: 12/01/2017] [Accepted: 12/04/2017] [Indexed: 11/16/2022]
Abstract
As an essential part of Internet of Things (IoT), wireless sensor networks (WSNs) have touched every aspect of our lives, such as health monitoring, environmental monitoring and traffic monitoring. However, due to its openness, wireless sensor networks are vulnerable to various security threats. User authentication, as the first fundamental step to protect systems from various attacks, has attracted much attention. Numerous user authentication protocols armed with formal proof are springing up. Recently, two biometric-based schemes were proposed with confidence to be resistant to the known attacks including offline dictionary attack, impersonation attack and so on. However, after a scrutinization of these two schemes, we found them not secure enough as claimed, and then demonstrated that these schemes suffer from various attacks, such as offline dictionary attack, impersonation attack, no user anonymity, no forward secrecy, etc. Furthermore, we proposed an enhanced scheme to overcome the identified weaknesses, and proved its security via Burrows-Abadi-Needham (BAN) logic and the heuristic analysis. Finally, we compared our scheme with other related schemes, and the results showed the superiority of our scheme.
Collapse
|
25
|
Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things. INFORMATION 2017. [DOI: 10.3390/info8040136] [Citation(s) in RCA: 23] [Impact Index Per Article: 3.3] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/16/2022] Open
|
26
|
Moon J, Lee D, Lee Y, Won D. Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks. SENSORS 2017; 17:s17050940. [PMID: 28441331 PMCID: PMC5461064 DOI: 10.3390/s17050940] [Citation(s) in RCA: 21] [Impact Index Per Article: 3.0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 03/08/2017] [Revised: 03/30/2017] [Accepted: 04/04/2017] [Indexed: 11/16/2022]
Abstract
User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.’s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.
Collapse
Affiliation(s)
- Jongho Moon
- Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si, Gyeonggi-do 16419, Korea.
| | - Donghoon Lee
- Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si, Gyeonggi-do 16419, Korea.
| | - Youngsook Lee
- Department of Cyber Security, Howon University, 64 Howondae 3-gil, Impi-myeon, Gunsan-si, Jeonrabuk-do 54058, Korea.
| | - Dongho Won
- Department of Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si, Gyeonggi-do 16419, Korea.
| |
Collapse
|
27
|
Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks. SENSORS 2017; 17:s17030644. [PMID: 28335572 PMCID: PMC5375930 DOI: 10.3390/s17030644] [Citation(s) in RCA: 13] [Impact Index Per Article: 1.9] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 12/23/2016] [Revised: 03/07/2017] [Accepted: 03/17/2017] [Indexed: 11/17/2022]
Abstract
At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al’s method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.
Collapse
|