Abstract
The advancements in the internet of things (IoT) require specialized security protocols to provide unbreakable security along with computation and communication efficiencies. Moreover, user privacy and anonymity has emerged as an integral part, along with other security requirements. Unfortunately, many recent authentication schemes to secure IoT-based systems were either proved as vulnerable to different attacks or prey of inefficiencies. Some of these schemes suffer from a faulty design that happened mainly owing to undue emphasis on privacy and anonymity alongside performance efficiency. This article aims to show the design faults by analyzing a very recent hash functions-based authentication scheme for cloud-based IoT systems with misunderstood privacy cum efficiency tradeoff owing to an unadorned design flaw, which is also present in many other such schemes. Precisely, it is proved in this article that the scheme of Wazid et al. cannot provide mutual authentication and key agreement between a user and a sensor node when there exists more than one registered user. We then proposed an improved scheme and proved its security through formal and informal methods. The proposed scheme completes the authentication cycle with a minor increase in computation cost but provides all security goals along with privacy.
- M. Abdalla, P. Fouque, and D. Pointcheval. 2005. Password-based authenticated key exchange in the three-party setting. In Proceedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC’05), Lecture Notes in Computer Science , 65–84. Google Scholar
Digital Library
- Shubhani Aggarwal and Neeraj Kumar. 2020. Path planning techniques for unmanned aerial vehicles: A review, solutions, and challenges. Comput. Commun. 149 (2020), 270–299.Google Scholar
Digital Library
- Z. Ali, S. A. Chaudhry, M. S. Ramzan, and F. Al-Turjman. 2020. Securing smart city surveillance: a lightweight authentication mechanism for unmanned vehicles. IEEE Access 8 (2020), 43711–43724. DOI:https://doi.org/10.1109/ACCESS.2020.2977817Google Scholar
Cross Ref
- Bander A. Alzahrani, Shehzad Ashraf Chaudhry, Ahmed Barnawi, Abdullah Al-Barakati, and Mohammed H. Alsharif. 2020. A privacy preserving authentication scheme for roaming in IoT-Based wireless mobile networks. Symmetry 12, 2 (2020), 287.Google Scholar
Cross Ref
- M. N. Aman, M. H. Basheer, S. Dash, J. W. Wong, J. Xu, H. W. Lim, and B. Sikdar. 2020. HAtt: hybrid remote attestation for the internet of things with high availability. IEEE IoT J. 7, 8 (2020), 7220–7233. DOI:https://doi.org/10.1109/JIOT.2020.2983655Google Scholar
- R. Amin, S. H. Islam, G. Biswas, M. K. Khan, L. Leng, and N. Kumar. 2016. Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. 101 (2016), 42–62. Google Scholar
Digital Library
- R. Amin, N. Kumar, G. P. Biswas, R. Iqbal, and V. Chang. 2018. A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment, Fut. Gener. Comput. Syst. 78 (2018), 1005–1019. Google Scholar
Digital Library
- S. Banerjee, V. Odelu, A. K. Das, J. Srinivas, N. Kumar, S. Chattopadhyay, and K. K. R. Choo. 2019. A provably secure and lightweight anonymous user authenticated session key exchange scheme for internet of things deployment. IEEE IoT J. 6, 5 (2019), 8739–8752.Google Scholar
- Rajanpreet Kaur Chahal, Neeraj Kumar, and Shalini Batra. 2020. Trust management in social Internet of Things: A taxonomy, open issues, and challenges. Comput. Commun. 150 (2020), 13–46.Google Scholar
Cross Ref
- Sravani Challa, Ashok Kumar Das, Prosanta Gope, Neeraj Kumar, Fan Wu, and Athanasios V. Vasilakos. 2020. Design and Analysis of Authenticated Key Agreement Scheme in Cloud-assisted Cyber–physical Systems. Future Generation Computer Systems 108 (2020), 1267–1286.Google Scholar
Cross Ref
- S. Challa, M. Wazid, A. K. Das, N. Kumar, A. Goutham Reddy, E. Yoon, and K. Yoo. 2017. Secure signature-based authenticated key establishment scheme for future iot applications. IEEE Access 5 (2017), 3028–3043. DOI:https://doi.org/10.1109/ACCESS.2017.2676119Google Scholar
Cross Ref
- C. C. Chang, H. D. Le, and A. Provably Secure. 2016. Efficientand flexible authentication scheme for ad hoc wireless sensor networks, IEEE Trans. Wireless Commun. 15, 1 (2016), 357–366.Google Scholar
Digital Library
- Rajat Chaudhary. 2019. Gagangeet Singh Aujla, Neeraj Kumar, Sherali Zeadally, lattice-based public key cryptosystem for internet of things environment: Challenges and solutions. IEEE IoT J. 6, 3 (2019), 4897–4909.Google Scholar
- S. A. Chaudhry, H. Alhakami, A. Baz, and F. Al-Turjman. 2020. Securing demand response management: A certificate-based access control in smart grid edge computing infrastructure. IEEE Access 8 (2020), 101235–101243. DOI:https://doi.org/10.1109/ACCESS.2020.2996093Google Scholar
Cross Ref
- Shehzad Ashraf Chaudhry, Taeshik Shon, Fadi Al-Turjman, and Mohammed H. Alsharif. 2020. Correcting design flaws: An improved and cloud assisted key agreement scheme in cyber physical systems. Comput. Commun. 153 (2020), 527–537. https://doi.org/10.1016/j.comcom.2020.02.025Google Scholar
Digital Library
- Ashok Kumar Das, Mohammad Wazid, Neeraj Kumar, Athanasios V. Vasilakos, and Joel J. P. C. Rodrigues. 2018. Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment. IEEE IoT J. 5, 6 (2018), 4900–4913.Google Scholar
- M. L. Das. 2009. Two-factor user authentication in wireless sensor networks. IEEE Trans. Wireless Commun. 8, 3 (2009), 1086–1090. Google Scholar
Digital Library
- D. Dolev and A. Yao. 1983. On the security of public key protocols. IEEE Trans. Inf. Theory 29, 2 (1983), 198–208. Google Scholar
Digital Library
- M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl. 2016. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Netw. 36 (2016), 152. Google Scholar
Digital Library
- Anwar Ghani, Khwaja Mansoor, Shahid Mehmood, Shehzad Ashraf Chaudhry, Arif Ur Rahman, and Malik Najmus Saqib. 2019. Security and Key Management in IoT based wireless sensor networks: an authentication protocol using symmetric key. Int. J. Commun. Syst. 32 (2019), 16. DOI:https://doi.org/10.1002/dac.4139Google Scholar
Cross Ref
- Rajesh Gupta, Sudeep Tanwar, Sudhanshu Tyagi, and Neeraj Kumar. 2019. Tactile internet and its applications in 5G era: A comprehensive review. Int. J. Commun. Syst. 32 (2019), 14.Google Scholar
Cross Ref
- Rajesh Gupta, Sudeep Tanwar, Sudhanshu Tyagi, and Neeraj Kumar. 2020. Machine learning models for secure data analytics: a taxonomy and threat model. Comput. Commun. 153 (2020), 406–440.Google Scholar
Digital Library
- Mahmood Ul Hassan, Shehzad Ashraf Chaudhry, and Azeem Irshad. 2020. An improved SIP authenticated key agreement based on Dongqing et al.Wireless Pers. Commun. 110, 4 (2020), 2087–2107.Google Scholar
Cross Ref
- W. B. Hsieh, J. S. Leu, and A. Robust. 2014. User authentication scheme using dynamic identity in wireless sensor networks. Wireless Pers. Commun. 77, 2 (2014), 979–989. Google Scholar
Digital Library
- Sajid Hussain and Shehzad Ashraf Chaudhry. 2019. Comments on ”biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment.”IEEE IoT J. 6, 6 (2019), 10936–10940.Google Scholar
- A. Irshad, S. A. Chaudhry, O. A. Alomari, K. Yahya, and N. Kumar. 2020. A novel pairing-free lightweight authentication protocol for mobile cloud computing framework. IEEE Syst. J. (2020), 1–9. DOI:https://doi.org/10.1109/JSYST.2020.2998721Google Scholar
- A. Irshad, M. Usman, S. A. Chaudhry, H. Naqvi, and M. Shafiq. 2020. A provably secure and efficient authenticated key agreement scheme for energy internet-based vehicle-to-grid technology framework. IEEE Trans. Industr. Appl. 56, 4 (2020), 4425–4435. DOI:https://doi.org/10.1109/TIA.2020.2966160Google Scholar
- U. Javaid, M. N. Aman, and B. Sikdar. 2020. A scalable protocol for driving trust management in internet of vehicles with blockchain. IEEE IoT J. 7, 12 (2020), 11815–11829. DOI:https://doi.org/10.1109/JIOT.2020.3002711Google Scholar
- Q. Jiang, S. Zeadally, J. Ma, and D. He. 2017. Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5 (2017), 3376–3392.Google Scholar
Cross Ref
- N. Khalil, M. R. Abid, D. Benhaddou, and M. Gerndt. 2014. Wireless sensors networks for internet of things. In Proceedings of the International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP’14),1–6.Google Scholar
- M. K. Khan and K. Alghathbar. 2010. Cryptanalysis and security improvements of a two-factor user authentication in wireless sensor networks. Sensors 10, 3 (2010), 2450–2459.Google Scholar
Cross Ref
- H. H. Kilinc and A T. Yanik. 2014. survey of sip authentication and key agreement schemes. IEEE Commun. Surv. Tutor. 16, 2 (2014), 1005–1023.Google Scholar
Cross Ref
- Zhihan Lv and Neeraj Kumar. 2020. Software defined solutions for sensors in 6G/IoE, computer communications. Comput. Commun. 153 (2020), 42–47.Google Scholar
Cross Ref
- Khalid Mahmood, Jehangir Arshad, Shehzad Ashraf Chaudhry, and Saru Kumari. 2019. An enhanced anonymous identity-based key agreement protocol for smart grid advanced metering infrastructure. Int. J. Commun. Syst. 32 (2019), 16. DOI:https://doi.org/10.1002/dac.4137Google Scholar
Cross Ref
- Khalid Mahmood, Xiong Li, Shehzad Ashraf Chaudhry, Husnain Naqvi, Saru Kumari, Arun Kumar Sangaiah, and Joel J. P. C. Rodrigues. 2018. Pairing based anonymous and secure key agreement protocol for smart grid edge computing infrastructure. Fut. Gener. Comput. Syst. 88 (2018), 491–500. DOI:https://doi.org/10.1016/j.future.2018.06.004Google Scholar
Cross Ref
- Khwaja Mansoor, Anwar Ghani, Shehzad Ashraf Chaudhry, and Shahaboddin Shamshirband. 2019. Securing iot based rfid systems: A robust authentication protocol using symmetric cryptography. Sensors 19 (2019), 21. DOI:https://doi.org/10.3390/s19214752Google Scholar
Cross Ref
- T. S. Messerges, E. A. Dabbish, and R. H. Sloan. 2002. Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51, 5 (2002), 541–552. Google Scholar
Digital Library
- Arzoo Miglani and Neeraj Kumar. 2019. Deep learning models for traffic flow prediction in autonomous vehicles: A review, solutions, and challenges. Vehic. Commun. 20 (2019).Google Scholar
- J. Ni, K. Zhang, X. Lin, and X. S. Shen. 2018. Securing fog computing for internet of things applications: challenges and solutions. IEEE Commun. Surv. Tutor. 20, 1 (2018), 601–628.Google Scholar
Cross Ref
- Divya Prerna, Rajkumar Tekchandani, and Neeraj Kumar. 2020. Device-to-device content caching techniques in 5G: A taxonomy, solutions, and challenges. Comput. Commun. 153 (2020), 48–84.Google Scholar
Digital Library
- Sandeep Saharan, Seema Bawa, and Neeraj Kumar. 2020. Dynamic pricing techniques for intelligent transportation system in smart cities: a systematic review. Comput. Commun. 150 (2020), 603–625.Google Scholar
Digital Library
- W. Shi and P. Gong. 2013. A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. Int. J. Distrib. Sens. Netw. 2013 (2013).Google Scholar
- Deepika Sirohi, Neeraj Kumar, and Prashant Singh Rana. 2020. Convolutional neural networks for 5G-enabled intelligent transportation system: A systematic review. Comput. Commun. 153 (2020), 459–498.Google Scholar
Cross Ref
- Jangirala Srinivas, Ashok Kumar Das, Neeraj Kumar, and Joel J. P. C. Rodrigues. 2019. TCALAS: temporal credential-based anonymous lightweight authentication scheme for internet of drones environment. IEEE Trans. Vehic. Technol. 68, 7 (2019), 6903–6916.Google Scholar
Cross Ref
- J. Srinivas, S. Mukhopadhyay, and D. Mishra. 2017. Secure and efficient user authentication scheme for multi-gateway wireless sensor networks. Ad Hoc Netw. 54 (2017), 147–169. Google Scholar
Digital Library
- M. Turkanovic, B. Brumen, and M. Holbl. 2014. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks. Ad Hoc Netw. 20 (2014), 96–112.Google Scholar
Cross Ref
- B. Vaidya, D. Makrakis, and H. T. Mouftah. 2010. Improved two-factor user authentication in wireless sensor networks. In Proceedings of the 2nd International Workshop on Network Assurance and Security Services in Ubiquitous Environments, 600–606.Google Scholar
- M. Wazid, A. K. Das, V. Bhat, and A. V. Vasilakos. 2020. LAM-CIoT: lightweight authentication mechanism in cloud-based IoT environment. J. Netw. Comput. Appl. 150, 10249 (2020), 6.Google Scholar
Cross Ref
- M. Wolf and D. Serpanos. 2018. Safety and security in cyber-physical systems and internet-of-things systems. In Proc. IEEE 106, 1 (2018).Google Scholar
- F. Wu, L. Xu, S. Kumari, and X. Li. 2017. A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J. Ambient Intell. Human. Comput. 8, 1 (2017), 101–116.Google Scholar
Cross Ref
- H. L. Yeh, T. H. Chen, P. C. Liu, T. H. Kim, and H. W. Wei. 2011. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11, 5 (2011), 4767–4779.Google Scholar
Cross Ref
Index Terms
Rotating behind Privacy: An Improved Lightweight Authentication Scheme for Cloud-based IoT Environment
Recommendations
An Efficient Dual Encryption of IoMT data Using Lightweight Security Scheme for Cloud Based IoT Environment
SAC '23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied ComputingAs Internet of Things (IoT) technology develops, medical equipment, wearables, sensors, and users can be linked together to create an ecosystem known as the Internet of Medical Things (IoMT). IoMT enhances the effectiveness, precision, and ...
A fine-grained attribute-based authentication for sensitive data stored in cloud computing
Attribute-Based Signature ABS is one of the important security primitives to realise anonymous authentication. In ABS, users cannot forge a signature with attributes they do not have even if they collude. In addition, a legitimate signer remains ...
Lightweight IoT-based authentication scheme in cloud computing circumstance
AbstractRecently, authentication technologies integrated with the Internet of Things (IoT) and cloud computing have been promptly investigated for secure data retrieval and robust access control on large-scale IoT networks. However, it does ...
Highlights- This study introduces a novel and efficient authentication protocol for the cloud architecture including IoT.






Comments