Signature-based three-factor authenticated key exchange for internet of things applications

Multimedia Tools and Applications

Abstract

Internet of Things (IoT) is one of several technology trends, and IoT applications are found in a wide range of industry sectors such as healthcare and critical infrastructure. Authenticated key exchange schemes play an important role in protecting user and data privacy and ensuring the security of data-in-transit in IoT infrastructure (e.g. via user identification and provision of secure communication). However, designing secure authenticated key exchange (AKE) schemes remains a challenging task. In this paper, we reveal that Challa et al.’s three-factor AKE scheme is vulnerable to a number of known attacks. Then, we present an improved signature-based three-factor authenticated key exchange protocol and prove its security under the extended model of Bellare et al. (Tecnologia Electronica E Informatica 1807:139–155, 2000). A comparative summary is also presented, which demonstrates that our proposed scheme is sufficiently lightweight for IoT deployment and outperforms those of Challa et al. (IEEE Access 5:3028–3043, 2017) and Turkanovic et al. (Ad Hoc Netw 20(2):96–112, 2014), in terms of security features, computation and communication costs.

References

  1. Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: International conference on theory and practice in public key cryptography, pp 65–84

  2. Amin R, Islam SH, Biswas GP, Khan MK, Leng L, Kumar N (2016) Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput Netw 101: 42–62

  3. Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805

  4. Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. Tecnologia Electronica E Informatica 1807:139–155

  5. Challa S, Wazid M, Das AK, Kumar N, Reddy AG, Yoon EJ, Yoo KY (2017) Secure signature-based authenticated key establishment scheme for future iot applications. IEEE Access 5:3028–3043

  6. Chen CL, Lee CC, Hsu CY (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Wiley

  7. Das AK (2016) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Networking and Applications 9(1):1–22

  8. Ding W, Ping W (2016) Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans Dependable Secure Comput PP (99):1–1

  9. Doshi N, Kumari S, Mishra D, Li X, Choo KKR, Sangaiah AK (2017) A password based authentication scheme for wireless multimedia systems. Multimedia Tools & Applications 1:1–26

  10. Gennaro R (2008) Faster and shorter password-authenticated key exchange. In: Conference on theory of cryptography, pp 589–606

  11. Groce A, Katz J (2010) A new framework for efficient password-based authenticated key exchange. In: ACM conference on computer and communications security, pp 516–525

  12. Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of things (iot): a vision, architectural elements, and future directions. Futur Gener Comput Syst 29(7):1645–1660

  13. Jiang Q, Khan MK, Lu X, Ma J, He D (2016) A privacy preserving three-factor authentication protocol for e-health clouds. J Supercomput 72(10):3826–3849

  14. Khan MK, Kumari S, Gupta MK (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816

  15. Kumari S, Das AK, Wazid M, Li X, Wu F, Choo KR, Khan MK (2016) On the design of a secure user authentication and key agreement scheme for wireless sensor networks. Concurrency & Computation Practice & Experience 29(23):1–18

  16. Lee CC, Li CT, Chiu ST, Lai YM (2014) A new three-party-authenticated key agreement scheme based on chaotic maps without password table. Nonlinear Dyn 79(4):2485–2495

  17. Li CT, Lee CC, Weng CY, Chen CM (2017) Towards secure authenticating of cache in the reader for rfid-based iot systems. Peer-to-Peer Networking and Applications 1–11. https://doi.org/10.1007/s12083-017-0564-6

  18. Li CT, Weng CY, Lee CC, Wang CC (2015) A hash based remote user authentication and authenticated key agreement scheme for the integrated epr information system. J Med Syst 39(11):144

  19. Nam J, Choo K-KR, Han S, Kim M, Paik J, Won D (2015) Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation. PLoS ONE 10(4):e0116709

  20. Tan Z (2014) A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J Med Syst 38(3):1–9

  21. Turkanovic M, Brumen B, Holbl M (2014) A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw 20(2):96–112

  22. Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Comput Electr Eng 45(C):274–285

  23. Yang Y, Cai H, Wei Z, Lu H, Choo K-KR (2015) Towards lightweight anonymous entity authentication for iot applications. In: 21st australasian conference on information security and privacy, pp 265–280

  24. Zhang M (2007) Computationally-efficient password authenticated key exchange based on quadratic residues. In: Progress in cryptology - indocrypt 2007, Proceedings of the international conference on cryptology in India, Chennai, India, December 9–13, 2007, pp 312–321

Author information

Corresponding author

Correspondence to Debiao He.

Additional information

The work of X. Jia was supported in part by the Fundamental Research Funds for the Central Universities under Grant CZY15018 and in part by the National Natural Science Foundation of China under Grant No. 61603419. The work of D. He was supported in part by the National Natural Science Foundation of China under Grant 61572379 and Grant 61501333.

Cite this article

Jia, X., He, D., Li, L. et al. Signature-based three-factor authenticated key exchange for internet of things applications. Multimed Tools Appl 77, 18355–18382 (2018). https://doi.org/10.1007/s11042-017-5560-6

  • DOI: https://doi.org/10.1007/s11042-017-5560-6
