skip to main content
research-article

Rotating behind Privacy: An Improved Lightweight Authentication Scheme for Cloud-based IoT Environment

Authors Info & Claims
Published:09 June 2021Publication History
Skip Abstract Section

Abstract

The advancements in the internet of things (IoT) require specialized security protocols to provide unbreakable security along with computation and communication efficiencies. Moreover, user privacy and anonymity has emerged as an integral part, along with other security requirements. Unfortunately, many recent authentication schemes to secure IoT-based systems were either proved as vulnerable to different attacks or prey of inefficiencies. Some of these schemes suffer from a faulty design that happened mainly owing to undue emphasis on privacy and anonymity alongside performance efficiency. This article aims to show the design faults by analyzing a very recent hash functions-based authentication scheme for cloud-based IoT systems with misunderstood privacy cum efficiency tradeoff owing to an unadorned design flaw, which is also present in many other such schemes. Precisely, it is proved in this article that the scheme of Wazid et al. cannot provide mutual authentication and key agreement between a user and a sensor node when there exists more than one registered user. We then proposed an improved scheme and proved its security through formal and informal methods. The proposed scheme completes the authentication cycle with a minor increase in computation cost but provides all security goals along with privacy.

References

  1. M. Abdalla, P. Fouque, and D. Pointcheval. 2005. Password-based authenticated key exchange in the three-party setting. In Proceedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC’05), Lecture Notes in Computer Science , 65–84. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Shubhani Aggarwal and Neeraj Kumar. 2020. Path planning techniques for unmanned aerial vehicles: A review, solutions, and challenges. Comput. Commun. 149 (2020), 270–299.Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Z. Ali, S. A. Chaudhry, M. S. Ramzan, and F. Al-Turjman. 2020. Securing smart city surveillance: a lightweight authentication mechanism for unmanned vehicles. IEEE Access 8 (2020), 43711–43724. DOI:https://doi.org/10.1109/ACCESS.2020.2977817Google ScholarGoogle ScholarCross RefCross Ref
  4. Bander A. Alzahrani, Shehzad Ashraf Chaudhry, Ahmed Barnawi, Abdullah Al-Barakati, and Mohammed H. Alsharif. 2020. A privacy preserving authentication scheme for roaming in IoT-Based wireless mobile networks. Symmetry 12, 2 (2020), 287.Google ScholarGoogle ScholarCross RefCross Ref
  5. M. N. Aman, M. H. Basheer, S. Dash, J. W. Wong, J. Xu, H. W. Lim, and B. Sikdar. 2020. HAtt: hybrid remote attestation for the internet of things with high availability. IEEE IoT J. 7, 8 (2020), 7220–7233. DOI:https://doi.org/10.1109/JIOT.2020.2983655Google ScholarGoogle Scholar
  6. R. Amin, S. H. Islam, G. Biswas, M. K. Khan, L. Leng, and N. Kumar. 2016. Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. 101 (2016), 42–62. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. R. Amin, N. Kumar, G. P. Biswas, R. Iqbal, and V. Chang. 2018. A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment, Fut. Gener. Comput. Syst. 78 (2018), 1005–1019. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. S. Banerjee, V. Odelu, A. K. Das, J. Srinivas, N. Kumar, S. Chattopadhyay, and K. K. R. Choo. 2019. A provably secure and lightweight anonymous user authenticated session key exchange scheme for internet of things deployment. IEEE IoT J. 6, 5 (2019), 8739–8752.Google ScholarGoogle Scholar
  9. Rajanpreet Kaur Chahal, Neeraj Kumar, and Shalini Batra. 2020. Trust management in social Internet of Things: A taxonomy, open issues, and challenges. Comput. Commun. 150 (2020), 13–46.Google ScholarGoogle ScholarCross RefCross Ref
  10. Sravani Challa, Ashok Kumar Das, Prosanta Gope, Neeraj Kumar, Fan Wu, and Athanasios V. Vasilakos. 2020. Design and Analysis of Authenticated Key Agreement Scheme in Cloud-assisted Cyber–physical Systems. Future Generation Computer Systems 108 (2020), 1267–1286.Google ScholarGoogle ScholarCross RefCross Ref
  11. S. Challa, M. Wazid, A. K. Das, N. Kumar, A. Goutham Reddy, E. Yoon, and K. Yoo. 2017. Secure signature-based authenticated key establishment scheme for future iot applications. IEEE Access 5 (2017), 3028–3043. DOI:https://doi.org/10.1109/ACCESS.2017.2676119Google ScholarGoogle ScholarCross RefCross Ref
  12. C. C. Chang, H. D. Le, and A. Provably Secure. 2016. Efficientand flexible authentication scheme for ad hoc wireless sensor networks, IEEE Trans. Wireless Commun. 15, 1 (2016), 357–366.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Rajat Chaudhary. 2019. Gagangeet Singh Aujla, Neeraj Kumar, Sherali Zeadally, lattice-based public key cryptosystem for internet of things environment: Challenges and solutions. IEEE IoT J. 6, 3 (2019), 4897–4909.Google ScholarGoogle Scholar
  14. S. A. Chaudhry, H. Alhakami, A. Baz, and F. Al-Turjman. 2020. Securing demand response management: A certificate-based access control in smart grid edge computing infrastructure. IEEE Access 8 (2020), 101235–101243. DOI:https://doi.org/10.1109/ACCESS.2020.2996093Google ScholarGoogle ScholarCross RefCross Ref
  15. Shehzad Ashraf Chaudhry, Taeshik Shon, Fadi Al-Turjman, and Mohammed H. Alsharif. 2020. Correcting design flaws: An improved and cloud assisted key agreement scheme in cyber physical systems. Comput. Commun. 153 (2020), 527–537. https://doi.org/10.1016/j.comcom.2020.02.025Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Ashok Kumar Das, Mohammad Wazid, Neeraj Kumar, Athanasios V. Vasilakos, and Joel J. P. C. Rodrigues. 2018. Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment. IEEE IoT J. 5, 6 (2018), 4900–4913.Google ScholarGoogle Scholar
  17. M. L. Das. 2009. Two-factor user authentication in wireless sensor networks. IEEE Trans. Wireless Commun. 8, 3 (2009), 1086–1090. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. D. Dolev and A. Yao. 1983. On the security of public key protocols. IEEE Trans. Inf. Theory 29, 2 (1983), 198–208. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl. 2016. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Netw. 36 (2016), 152. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Anwar Ghani, Khwaja Mansoor, Shahid Mehmood, Shehzad Ashraf Chaudhry, Arif Ur Rahman, and Malik Najmus Saqib. 2019. Security and Key Management in IoT based wireless sensor networks: an authentication protocol using symmetric key. Int. J. Commun. Syst. 32 (2019), 16. DOI:https://doi.org/10.1002/dac.4139Google ScholarGoogle ScholarCross RefCross Ref
  21. Rajesh Gupta, Sudeep Tanwar, Sudhanshu Tyagi, and Neeraj Kumar. 2019. Tactile internet and its applications in 5G era: A comprehensive review. Int. J. Commun. Syst. 32 (2019), 14.Google ScholarGoogle ScholarCross RefCross Ref
  22. Rajesh Gupta, Sudeep Tanwar, Sudhanshu Tyagi, and Neeraj Kumar. 2020. Machine learning models for secure data analytics: a taxonomy and threat model. Comput. Commun. 153 (2020), 406–440.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Mahmood Ul Hassan, Shehzad Ashraf Chaudhry, and Azeem Irshad. 2020. An improved SIP authenticated key agreement based on Dongqing et al.Wireless Pers. Commun. 110, 4 (2020), 2087–2107.Google ScholarGoogle ScholarCross RefCross Ref
  24. W. B. Hsieh, J. S. Leu, and A. Robust. 2014. User authentication scheme using dynamic identity in wireless sensor networks. Wireless Pers. Commun. 77, 2 (2014), 979–989. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Sajid Hussain and Shehzad Ashraf Chaudhry. 2019. Comments on ”biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment.”IEEE IoT J. 6, 6 (2019), 10936–10940.Google ScholarGoogle Scholar
  26. A. Irshad, S. A. Chaudhry, O. A. Alomari, K. Yahya, and N. Kumar. 2020. A novel pairing-free lightweight authentication protocol for mobile cloud computing framework. IEEE Syst. J. (2020), 1–9. DOI:https://doi.org/10.1109/JSYST.2020.2998721Google ScholarGoogle Scholar
  27. A. Irshad, M. Usman, S. A. Chaudhry, H. Naqvi, and M. Shafiq. 2020. A provably secure and efficient authenticated key agreement scheme for energy internet-based vehicle-to-grid technology framework. IEEE Trans. Industr. Appl. 56, 4 (2020), 4425–4435. DOI:https://doi.org/10.1109/TIA.2020.2966160Google ScholarGoogle Scholar
  28. U. Javaid, M. N. Aman, and B. Sikdar. 2020. A scalable protocol for driving trust management in internet of vehicles with blockchain. IEEE IoT J. 7, 12 (2020), 11815–11829. DOI:https://doi.org/10.1109/JIOT.2020.3002711Google ScholarGoogle Scholar
  29. Q. Jiang, S. Zeadally, J. Ma, and D. He. 2017. Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5 (2017), 3376–3392.Google ScholarGoogle ScholarCross RefCross Ref
  30. N. Khalil, M. R. Abid, D. Benhaddou, and M. Gerndt. 2014. Wireless sensors networks for internet of things. In Proceedings of the International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP’14),1–6.Google ScholarGoogle Scholar
  31. M. K. Khan and K. Alghathbar. 2010. Cryptanalysis and security improvements of a two-factor user authentication in wireless sensor networks. Sensors 10, 3 (2010), 2450–2459.Google ScholarGoogle ScholarCross RefCross Ref
  32. H. H. Kilinc and A T. Yanik. 2014. survey of sip authentication and key agreement schemes. IEEE Commun. Surv. Tutor. 16, 2 (2014), 1005–1023.Google ScholarGoogle ScholarCross RefCross Ref
  33. Zhihan Lv and Neeraj Kumar. 2020. Software defined solutions for sensors in 6G/IoE, computer communications. Comput. Commun. 153 (2020), 42–47.Google ScholarGoogle ScholarCross RefCross Ref
  34. Khalid Mahmood, Jehangir Arshad, Shehzad Ashraf Chaudhry, and Saru Kumari. 2019. An enhanced anonymous identity-based key agreement protocol for smart grid advanced metering infrastructure. Int. J. Commun. Syst. 32 (2019), 16. DOI:https://doi.org/10.1002/dac.4137Google ScholarGoogle ScholarCross RefCross Ref
  35. Khalid Mahmood, Xiong Li, Shehzad Ashraf Chaudhry, Husnain Naqvi, Saru Kumari, Arun Kumar Sangaiah, and Joel J. P. C. Rodrigues. 2018. Pairing based anonymous and secure key agreement protocol for smart grid edge computing infrastructure. Fut. Gener. Comput. Syst. 88 (2018), 491–500. DOI:https://doi.org/10.1016/j.future.2018.06.004Google ScholarGoogle ScholarCross RefCross Ref
  36. Khwaja Mansoor, Anwar Ghani, Shehzad Ashraf Chaudhry, and Shahaboddin Shamshirband. 2019. Securing iot based rfid systems: A robust authentication protocol using symmetric cryptography. Sensors 19 (2019), 21. DOI:https://doi.org/10.3390/s19214752Google ScholarGoogle ScholarCross RefCross Ref
  37. T. S. Messerges, E. A. Dabbish, and R. H. Sloan. 2002. Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51, 5 (2002), 541–552. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Arzoo Miglani and Neeraj Kumar. 2019. Deep learning models for traffic flow prediction in autonomous vehicles: A review, solutions, and challenges. Vehic. Commun. 20 (2019).Google ScholarGoogle Scholar
  39. J. Ni, K. Zhang, X. Lin, and X. S. Shen. 2018. Securing fog computing for internet of things applications: challenges and solutions. IEEE Commun. Surv. Tutor. 20, 1 (2018), 601–628.Google ScholarGoogle ScholarCross RefCross Ref
  40. Divya Prerna, Rajkumar Tekchandani, and Neeraj Kumar. 2020. Device-to-device content caching techniques in 5G: A taxonomy, solutions, and challenges. Comput. Commun. 153 (2020), 48–84.Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Sandeep Saharan, Seema Bawa, and Neeraj Kumar. 2020. Dynamic pricing techniques for intelligent transportation system in smart cities: a systematic review. Comput. Commun. 150 (2020), 603–625.Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. W. Shi and P. Gong. 2013. A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. Int. J. Distrib. Sens. Netw. 2013 (2013).Google ScholarGoogle Scholar
  43. Deepika Sirohi, Neeraj Kumar, and Prashant Singh Rana. 2020. Convolutional neural networks for 5G-enabled intelligent transportation system: A systematic review. Comput. Commun. 153 (2020), 459–498.Google ScholarGoogle ScholarCross RefCross Ref
  44. Jangirala Srinivas, Ashok Kumar Das, Neeraj Kumar, and Joel J. P. C. Rodrigues. 2019. TCALAS: temporal credential-based anonymous lightweight authentication scheme for internet of drones environment. IEEE Trans. Vehic. Technol. 68, 7 (2019), 6903–6916.Google ScholarGoogle ScholarCross RefCross Ref
  45. J. Srinivas, S. Mukhopadhyay, and D. Mishra. 2017. Secure and efficient user authentication scheme for multi-gateway wireless sensor networks. Ad Hoc Netw. 54 (2017), 147–169. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. M. Turkanovic, B. Brumen, and M. Holbl. 2014. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks. Ad Hoc Netw. 20 (2014), 96–112.Google ScholarGoogle ScholarCross RefCross Ref
  47. B. Vaidya, D. Makrakis, and H. T. Mouftah. 2010. Improved two-factor user authentication in wireless sensor networks. In Proceedings of the 2nd International Workshop on Network Assurance and Security Services in Ubiquitous Environments, 600–606.Google ScholarGoogle Scholar
  48. M. Wazid, A. K. Das, V. Bhat, and A. V. Vasilakos. 2020. LAM-CIoT: lightweight authentication mechanism in cloud-based IoT environment. J. Netw. Comput. Appl. 150, 10249 (2020), 6.Google ScholarGoogle ScholarCross RefCross Ref
  49. M. Wolf and D. Serpanos. 2018. Safety and security in cyber-physical systems and internet-of-things systems. In Proc. IEEE 106, 1 (2018).Google ScholarGoogle Scholar
  50. F. Wu, L. Xu, S. Kumari, and X. Li. 2017. A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J. Ambient Intell. Human. Comput. 8, 1 (2017), 101–116.Google ScholarGoogle ScholarCross RefCross Ref
  51. H. L. Yeh, T. H. Chen, P. C. Liu, T. H. Kim, and H. W. Wei. 2011. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11, 5 (2011), 4767–4779.Google ScholarGoogle ScholarCross RefCross Ref

Index Terms

  1. Rotating behind Privacy: An Improved Lightweight Authentication Scheme for Cloud-based IoT Environment

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM Transactions on Internet Technology
        ACM Transactions on Internet Technology  Volume 21, Issue 3
        August 2021
        522 pages
        ISSN:1533-5399
        EISSN:1557-6051
        DOI:10.1145/3468071
        • Editor:
        • Ling Liu
        Issue’s Table of Contents

        Copyright © 2021 Association for Computing Machinery.

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 9 June 2021
        • Accepted: 1 September 2020
        • Revised: 1 August 2020
        • Received: 1 June 2020
        Published in toit Volume 21, Issue 3

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • research-article
        • Refereed

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!