Abstract
With the increased number of smart devices in IoT and cloud, communication messages are exchanged extensively throughout the network. This requires secure data transfer between the user and the IoT node, and it entails appropriate mutual authentication and a key establishment mechanism. In this paper, a secure authentication and key agreement mechanism for cloud-based IoT based on elliptic curve cryptography, which provides complete anonymity, has been developed and proposed. The proposed mechanism satisfies multiple security attributes, including confidentiality, the anonymity of the user, anonymity of the IoT node, mutual authentication, secret key establishment, integrity, key privacy, non-repudiation, forward secrecy, and availability. Moreover, security analysis has revealed that the proposed mechanism is safe from replay, user impersonation, gateway impersonation, denial of service, man-in-the-middle, lost/stolen device, de-synchronization, known-key, parallel session, gateway bypassing, and offline password guessing attacks. Formal security analysis of the proposed protocol using BAN logic and ROR model has been carried out to ensure the security of the authentication process and the secrecy of the established key respectively. Comparative analysis of the security functionalities has established that the proposed mechanism provides the highest security in comparison to the other related schemes. The proposed mechanism has also removed the requirement of using a secure communication channel for the registration of an IoT node with the gateway. Though, the proposed mechanism consumes more computational and communication overhead, but in view of trade-off between security functions and performance, the proposed protocol outperforms the other existing IoT authentication protocols.
Similar content being viewed by others
References
Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In international workshop on public key cryptography (pp. 65-84). Springer, Berlin, Heidelberg
Agilandeeswari L, Paliwal S, Chandrakar A, Prabukumar M (2022) A new lightweight conditional privacy preserving authentication and key–agreement protocol in social internet of things for vehicle to smart grid networks. Multimed Tools Appl 81:1–28
Amin R, Islam SH, Biswas GP, Giri D, Khan MK, Kumar N (2016) A more secure and privacy‐aware anonymous user authentication scheme for distributed mobile cloud computing environments. Future Gener Comput Syst 78:1005–1019
Amin R, Kumar N, Biswas GP, Iqbal R, Chang V (2018) A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment. Future Gener Comput Syst 78:1005–1019
Azrour, M, Mabrouki, J, Chaganti, R (2021) New Efficient and Secured Authentication Protocol for Remote Healthcare Systems in Cloud-IoT Security and Communication Networks, 2021
Banerjee S, Odelu V, Das AK, Chattopadhyay S, Park Y (2020) An efficient, anonymous and robust authentication scheme for smart home environments. Sensors 20(4):1215
Boneh, D (1998) The decision Diffe-Hellman problem. In Proceedings of the Third Algorithmic Number Theory Symposium (pp. 48–63)
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proceedings of the Royal Society of London. A Math Phys Sci 426(1871):233–271
Caruccio L, Desiato D, Polese G, Tortora G (2020) GDPR compliant information confidentiality preservation in big data processing. IEEE Access 8:205034–205050
Challa S, Wazid M, Das AK, Kumar N, Reddy AG, Yoon EJ, Yoo KY (2017) Secure signature-based authenticated key establishment scheme for future IoT applications. IEE Access 5:3028–3043
Chang CC, Le HD (2015) A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366
Chen YC, Chuang SC, Yeh LY, Huang JL (2011) A practical authentication protocol with anonymity for wireless access networks. Wirel Commun Mob Comput 11(10):1366–1375
Chen K, Zhang S, Li Z, Zhang Y, Deng Q, Ray S, Jin Y (2018) Internet-of-things security and vulnerabilities: taxonomy, challenges, and practice. J Hardware Syst Secur 2(2):97–110
Chen H, Xu C, Xu Z, Tu X (2019) An enhanced lightweight biometric-based three-factor anonymous authentication protocol for mobile cloud computing. In: 2019 IEEE 21st international conference on high performance computing and communications; IEEE 17th international conference on Smart City; IEEE 5th international conference on data science and systems (HPCC/SmartCity/DSS). IEEE, pp 1682–1691
Chen, CM, Li, X, Liu, S, Wu, ME, Kumari, S (2022) Enhanced Authentication Protocol for the Internet of Things Environment Security and Communication Networks, 2022
Das AK, Goswami A (2015) A robust anonymous biometric-based remote user authentication scheme using smart cards. J King Saud Univ-Comput Inf Sci 27(2):193–210
Das AK, Kalam S, Sahar N, Sinha D (2020) UCFL: user categorization using fuzzy logic towards PUF based two-phase authentication of fog assisted IoT devices. Comput Secur 97:101938
Das AK, Tabassum A, Sadaf S, Sinha D (2020) Attack prevention scheme for privacy preservation (apsp) using k anonymity in location based services for iot. In computational intelligence in pattern recognition (pp. 267–277). Springer, Singapore
Dhillon PK, Kalra S (2017) A lightweight biometrics based remote user authentication scheme for IoT services. J Inf Secur Appl 34:255–270
Fadi AT, Deebak BD (2020) Seamless authentication: for IoT-big data technologies in smart industrial application systems. IEEE Trans Indust Inf 17(4):2919–2927
Fakroon M, Alshahrani M, Gebali F, Traore I (2020) Secure remote anonymous user authentication scheme for smart home environment. Int Things 9:100158
Fouda MM, Fadlullah ZM, Kato N, Lu R, Shen XS (2011) A lightweight message authentication scheme for smart grid communications. IEEE Trans Smart Grid 2(4):675–685
Ghani A, Mansoor K, Mehmood S, Chaudhry SA, Rahman AU, Najmus Saqib M (2019) Security and key management in IoT-based wireless sensor networks: an authentication protocol using symmetric key. Int J Commun Syst 32(16):e4139
Hussain, K, Jhanjhi, NZ, Mati-ur-Rahman, H, Hussain, J, Islam, MH (2019) Using a systematic framework to critically analyze proposed smart card based two factor authentication schemes. J King Saud Univ-Comput Inf Sci
Iqbal W, Abbas H, Daneshmand M, Rauf B, Bangash YA (2020) An in-depth analysis of IoT security requirements, challenges, and their countermeasures via software-defined security. IEEE Internet Things J 7(10):10250–10276
Islam SH, Amin R, Biswas GP, Farash MS, Li X, Kumari S (2017) An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments. J King Saud Univ-Comput Inf Sci 29(3):311–324
Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mob Comput 24:210–223
Khan MK, Kumari S, Gupta MK (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816
Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Des Codes Crypt 19(2):173–193
Kumari S (2017) Design flaws of “an anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography”. Multimed Tools Appl 76(11):13581–13583
Kumari S, Li X, Wu F, Das AK, Arshad H, Khan MK (2016) A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps. Futur Gener Comput Syst 63:56–75
Kumari S, Karuppiah M, Das AK, Li X, Wu F, Kumar N (2018) A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. J Supercomput 74(12):6428–6453
Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772
Lauter KE, Stange KE (2008) The elliptic curve discrete logarithm problem and equivalent hard problems for elliptic divisibility sequences. In international workshop on selected areas in cryptography (pp. 309–327). Springer, Berlin, Heidelberg
Li, L (2012) Study on security architecture in the internet of things. In proceedings of 2012 international conference on measurement, information and control (Vol. 1, pp. 374-377). IEEE
Li X, Qiu W, Zheng D, Chen K, Li J (2010) Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Ind Electron 57(2):793–800
Li X, Xiong Y, Ma J, Wang W (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769
Lu Y, Li L, Peng H, Yang Y (2017) An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 76(2):1801–1815
Luo, H, Wang, F, Xu, G (2021) Provably Secure ECC-Based Three-Factor Authentication Scheme for Mobile Cloud Computing with Offline Registration Centre Wirel Commun Mob Comput, 2021
Maitra T, Islam SH, Amin R, Giri D, Khan MK, Kumar N (2016) An enhanced multi-server authentication protocol using password and smart-card: cryptanalysis and design. Secur Commun Netw 9(17):4615–4638
Malik, MY (2010) Efficient implementation of elliptic curve cryptography using low-power digital signal processor. In 2010 the 12th international conference on advanced communication technology (ICACT) (Vol. 2, pp. 1464-1468). IEEE
Martínez-Peláez R, Toral-Cruz H, Parra-Michel JR, García V, Mena LJ, Félix VG, Ochoa-Brust A (2019) An enhanced lightweight IoT-based authentication scheme in cloud computing circumstances. Sensors 19(9):2098
Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143
Mo J, Hu Z, Chen H, Shen W (2019) An efficient and provably secure anonymous user authentication and key agreement for mobile cloud computing. Wirel Commun Mob Comput 2019:4520685
Ouafi K, Phan RCW (2008) Traceable privacy of recent provably-secure RFID protocols. In international conference on applied cryptography and network security. Springer, Berlin, Heidelberg, pp 479–489
Pal S, Hitchens M, Rabehaja T, Mukhopadhyay S (2020) Security requirements for the internet of things: a systematic approach. Sensors 20(20):5897
Panda PK, Chattopadhyay S (2020) A secure mutual authentication protocol for IoT environment. J Reliable Intell Environ 6(2):79–94
Park DS (2018) Future computing with IoT and cloud computing. J Supercomput 74(12):6401–6407
Park K, Park Y, Park Y, Reddy AG, Das AK (2017) Provably secure and efficient authentication protocol for roaming service in global mobility networks. IEEE Access 5:25110–25125
Porambage P, Schmitt C, Kumar P, Gurtov A, Ylianttila M (2014) Two-phase authentication protocol for wireless sensor networks in distributed IoT applications. In: 2014 IEEE wireless communications and networking conference (WCNC). IEEE, pp 2728–2733
Ray, S, Biswas, GP (2011) Design of mobile-PKI for using mobile phones in various applications. In 2011 international conference on recent trends in information systems (pp. 297-302). IEEE
Ray S, Biswas GP, Dasgupta M (2016) Secure multi-purpose mobile-banking using elliptic curve cryptography. Wirel Pers Commun 90(3):1331–1354
Sadhukhan D, Ray S, Biswas GP, Khan MK, Dasgupta M (2021) A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography. J Supercomput 77(2):1114–1151
Sharma G, Kalra S (2018) A lightweight multi-factor secure smart card based remote user authentication scheme for cloud-IoT applications. J Inf Secur Appl 42:95–106
Shparlinski I (2011) Computational Di_e-Hellman problem. In: Encyclopedia of cryptography and security. Springer, Berlin/Heidelberg, pp 240–244
Shuai M, Yu N, Wang H, Xiong L (2019) Anonymous authentication scheme for smart home environment with provable security. Comput Secur 86:132–146
Singh AK, Patro BDK (2019) Security of low computing power devices: a survey of requirements, challenges & possible solutions. Cybernet Inf Technol 19(1):133–164
Singh, AK, Patro, DB (2019) A novel security protocol for wireless sensor networks based on elliptic curve Signcryption. Int J Comput Netw Commun (IJCNC) Vol, 11
Singh AK, Solanki A, Nayyar A, Qureshi B (2020) Elliptic curve signcryption-based mutual authentication protocol for smart cards. Appl Sci 10(22):8291
Sood SK, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618
Souri A, Norouzi M (2019) A state-of-the-art survey on formal verification of the internet of things applications. J Serv Sci Res 11(1):47–67
Sowjanya K, Dasgupta M, Ray S (2021) Elliptic curve cryptography based authentication scheme for internet of medical things. J Inf Secur Appl 58:102761
Subramanian EK, Tamilselvan L (2020) Elliptic curve Diffie–Hellman cryptosystem in big data cloud security. Cluster Comput 23(4):1–11
Tabassum A, Sadaf S, Sinha D, Das AK (2020) Secure anti-void energy-efficient routing (SAVEER) protocol for WSN-based IoT network. In advances in computational intelligence (pp. 129–142). Springer, Singapore
Taher BH, Liu H, Abedi F, Lu H, Yassin AA, Mohammed AJ (2021) A secure and lightweight three-factor remote user authentication protocol for future IoT applications. J Sens 2021:1–18
Thakare A, Kim YG (2021) Secure and efficient authentication scheme in IoT environments. Appl Sci 11(3):1260
Tsai JL, Wu TC, Tsai KY (2010) New dynamic ID authentication scheme using smart cards. Int J Commun Syst 23(12):1449–1462
Wang D, Wang P (2016) Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans Depend Secure Comput 15(4):708–722
Wang D, Wang P (2018) Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans Depend Secur Comput 15(4):708–722
Wang D, Cheng H, Wang P, Huang X, Jian G (2017) Zipf’s law in passwords. IEEE Trans Inf Forensic Secur 12(11):2776–2791
Wang C, Ding K, Li B, Zhao Y, Xu G, Guo Y, Wang P (2018) An enhanced user authentication protocol based on elliptic curve cryptosystem in cloud computing environment. Wirel Commun Mob Comput. https://doi.org/10.1155/2018/3048697
Wang D, Zhang X, Zhang Z, Wang P (2020) Understanding security failures of multi-factor authentication schemes for multi-server environments. Comput Secur 88:101619
Wang, F, Xu, G, Xu, G, Wang, Y, Peng, J (2020) A robust IoT-based three-factor authentication scheme for cloud computing resistant to session key exposure Wirel Commun Mob Comput, 2020
Wazid M, Das AK, Odelu V, Kumar N, Conti M, Jo M (2017) Design of secure user authenticated key management protocol for generic IoT networks. IEEE Internet Things J 5(1):269–282
Wu S, Zhu Y, Pu Q (2012) Robust smart-cards-based user authentication scheme with user anonymity. Secur Commun Netw 5(2):236–248
Wu HL, Chang CC, Zheng YZ, Chen LS, Chen CC (2020) A secure IoT-based authentication system in cloud computing environment. Sensors 20(19):5604
Xie Q, Hu B, Tan X, Bao M, Yu X (2014) Robust anonymous two-factor authentication scheme for roaming service in global mobility network. Wirel Pers Commun 74(2):601–614
Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323
Yang, D, Yang, B (2010) A biometric password-based multi-server authentication scheme with smart card. In 2010 international conference on computer design and applications (Vol. 5, pp. V5-554). IEEE
Yu S, Park K, Park Y (2019) A secure lightweight three-factor authentication scheme for IoT in cloud computing environment. Sensors 19(16):3598
Zhou L, Li X, Yeh KH, Su C, Chiu W (2019) Lightweight IoT-based authentication scheme in cloud computing circumstance. Future Gener Comput Syst 91:244–251
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
Authors declare that there is no conflicts of interests of any sort associated with this manusctipt.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Singh, A.K., Nayyar, A. & Garg, A. A secure elliptic curve based anonymous authentication and key establishment mechanism for IoT and cloud. Multimed Tools Appl 82, 22525–22576 (2023). https://doi.org/10.1007/s11042-022-14140-z
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-022-14140-z