Affiliation:
1. Department of Computer Engineering, College of Engineering, Keimyung University, Daegu 42601, Republic of Korea
Abstract
A paradigm that combines cloud computing and the Internet of Things (IoT) allows for more impressive services to be provided to users while addressing storage and computational resource issues in the IoT environments. This cloud-based IoT environment has been used in various industries, including public services, for quite some time, and has been researched in academia. However, various security issues can arise during the communication between IoT devices and cloud servers, because communication between devices occurs in open channels. Moreover, issues such as theft of a user’s IoT device or extraction of key parameters from the user’s device in a remote location can arise. Researchers interested in these issues have proposed lightweight mutual authentication key agreement protocols that are safe and suitable for IoT environments. Recently, a lightweight authentication scheme between IoT devices and cloud servers has been presented. However, we found out their scheme had various security vulnerabilities, vulnerable to insider, impersonation, verification table leakage, and privileged insider attacks, and did not provide users with untraceability. To address these flaws, we propose a provably secure lightweight authentication scheme. The proposed scheme uses the user’s biometric information and the cloud server’s secret key to prevent the exposure of key parameters. Additionally, it ensures low computational costs for providing users with real-time and fast services using only exclusive OR operations and hash functions in the IoT environments. To analyze the safety of the proposed scheme, we use informal security analysis, Burrows–Abadi–Needham (BAN) logic and a Real-or-Random (RoR) model. The analysis results confirm that our scheme is secure against insider attacks, impersonation attacks, stolen verifier attacks, and so on; furthermore, it provides additional security elements. Simultaneously, it has been verified to possess enhanced communication costs, and total bit size has been shortened to 3776 bits, which is improved by almost 6% compared to Wu et al.’s scheme. Therefore, we demonstrate that the proposed scheme is suitable for cloud-based IoT environments.
Subject
Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry
Reference49 articles.
1. Internet of Things (IoT): A vision, architectural elements, and future directions;Gubbi;Future Gener. Comput. Syst.,2013
2. The study and application of the IOT technology in agriculture;Zhao;Proceedings of the 2010 3rd International Conference on Computer Science and Information Technology,2010
3. Park, Y., and Park, Y. (2016). Three-factor user authentication and key agreement using elliptic curve cryptosystem in wireless sensor networks. Sensors, 16.
4. Lee, S., Kim, S., Yu, S., Jho, N., and Park, Y. (2022). Provably Secure PUF-Based Lightweight Mutual Authentication Scheme for Wireless Body Area Networks. Electronics, 11.
5. Park, Y., Ryu, D., Kwon, D., and Park, Y. (2023). Provably secure mutual authentication and key agreement scheme using PUF in internet of drones deployments. Sensors, 23.