Abstract
The Internet of Things (IoT) is an emerging technology that interconnects different devices and machines over heterogeneous networks. One of the most critical issues in IoT is securing the communication between IoT components. This communication is insecure by default, which calls for a secure authentication protocol built on hard cryptographic primitives. In 2017, Wang et al. proposed an improved authentication protocol based on elliptic curve cryptography for IoT. In this paper, we demonstrate that Wang et al.’s protocol is not secure. Additionally, we propose a privacy-preserving authentication protocol using a code-based cryptosystem for IoT environments. Code-based cryptography is an important branch of post-quantum cryptography that can resist quantum attacks, and it is accepted in the design of several cryptographic schemes. To assess the proposed protocol, we carry out a security and performance analysis. Informal security analysis and formal security validation show that our protocol achieves different security and privacy requirements and can resist several common attacks, such as desynchronization attacks, quantum attacks, and replay attacks. Moreover, the performance evaluation indicates that our protocol is compatible with the capabilities of IoT devices.






References
Alamr AA, Kausar F, Kim J, Seo C (2018) A secure ECC-based RFID mutual authentication protocol for internet of things. J Supercomput 74(9):4281–4294
Aman MN, Chua KC, Sikdar B (2017) Mutual authentication in IoT systems using physical unclonable functions. IEEE Internet Things J 4(5):1327–1340
Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuellar J, Drielsma PH, Heám PC, Kouchnarenko O, Mantovani J, Mödersheim S, von Oheimb D, Rusinowitch M, Santiago J, Turuani M, Viganò L, Vigneron L (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: International Conference on Computer Aided Verification. Springer, pp 281–285
Bernstein D, Lange T (eds) eBACS: ECRYPT benchmarking of cryptographic systems. http://bench.cr.yp.to/results-encrypt.html. Accessed 22 Nov 2017
Bernstein DJ (2006) Curve25519: new Diffie–Hellman speed records. In: Yung M, Dodis Y, Kiayias A, Malkin T (eds) Public key cryptography. PKC 2006. LNCS, vol 3985. Springer, pp 207–228
Bernstein DJ (2010) Grover versus McEliece. In: Sendrier N (ed) Post-quantum cryptography. PQCrypto 2010. LNCS, vol 6061. Springer, pp 73–80
Bernstein DJ, Chou T, Schwabe P (2013) McBits: fast constant-time code-based cryptography. In: Bertoni G, Coron JS (eds) Cryptographic hardware and embedded systems. CHES 2013. LNCS, vol 8086. Springer, pp 250–272
Bernstein DJ, Chuengsatiansup C, Lange T, van Vredendaal C (2016) NTRU prime. http://eprint.iacr.org/2016/461
Bernstein DJ, Lange T, Peters C (2011) Smaller decoding exponents: ball-collision decoding. In: CRYPTO 2011. LNCS, vol 6841. Springer, pp 743–760
Bormann C, Ersue M, Keranen A (2014) Terminology for constrained-node networks. RFC 7228 (Informational). https://www.rfc-editor.org/rfc/rfc7228.txt
Bosmans J, Roy SS, Jarvinen K, Verbauwhede I (2016) A tiny coprocessor for elliptic curve cryptography over the 256-bit NIST prime field. In: 2016 29th International Conference on VLSI Design and 2016 15th International Conference on Embedded Systems (VLSID), pp 523–528
Butt TA, Afzaal M (2019) Security and privacy in smart cities: issues and current solutions. In: Al-Masri A, Curran K (eds) Smart technologies and innovation for a sustainable future. Springer, New York, pp 317–323
Cayrel PL, Gueye CT, Mboup EHM, Ndiaye O, Persichetti E (2017) Efficient implementation of hybrid encryption from coding theory. In: El Hajji S, Nitaj A, Souidi EM (eds) Codes, cryptology and information security. C2SI 2017. LNCS, vol 10194. Springer, pp 254–264
Cayrel PL, Hoffmann G, Persichetti E (2012) Efficient implementation of a CCA2-secure variant of McEliece using generalized srivastava codes. In: Fischlin M, Buchmann J, Manulis M (eds) Public key cryptography. PKC 2012. LNCS, vol 7293. Springer, pp 138–155
Chang CC, Wu HL, Sun CY (2017) Notes on “secure authentication scheme for IoT and cloud server”. Pervasive Mobile Comput 38:275–278
Cheon JH, Kim D, Lee J, Song Y (2016) Lizard: Cut off the tail! practical post-quantum public-key encryption from lwe and lwr. Cryptology ePrint archive, report 2016/1126. https://eprint.iacr.org/2016/1126
Chikouche N, Cherif F, Cayrel PL, Benmohammed M (2017) RFID authentication protocols based on error-correcting codes: a survey. Wirel Pers Commun 96(1):509–527
Chou T (2016) QcBits: constant-time small-key code-based cryptography. In: Gierlichs B, Poschmann AY (eds) Cryptographic hardware and embedded systems. CHES 2016. LNCS, vol 9813. Springer, pp 280–300
D-Wave Systems Inc.: The D-wave 2000Q quantum computer: technology overview. http://www.dwavesys.com/. Last Accessed 1 Mar 2018
Daniel A, Lejla B et al (2015) Initial recommendations of long-term secure post-quantum systems. PQCRYPTO. EU. Horizon. 2020 ICT-645622
Das AK, Zeadally S, He D (2018) Taxonomy and analysis of security protocols for internet of things. Future Gen Comput Syst 89:110–125
Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208
El-hajj M, Fadlallah A, Chamoun M, Serhrouchni A (2019) A survey of internet of things (IoT) authentication schemes. Sensors 19(5):1141
Evans D (2011) The internet of things how the next evolution of the internet is changing everything. CISCO white paper 1(2011):1–11
Ferrag MA, Maglaras LA, Janicke H, Jiang J, Shu L (2017) Authentication protocols for internet of things: a comprehensive survey. Secur Commun Networks 2017:6562953. https://doi.org/10.1155/2017/6562953
Finiasz M, Sendrier N (2009) Security bounds for the design of code-based cryptosystems. In: Advances cryptology, asiacrypt 2009. LNCS, vol 5912. Springer, pp 88–105
Gope P, Sikdar B (2018) Lightweight and privacy-preserving two-factor authentication scheme for IoT devices. IEEE Internet Things J 6(1):580–589
Jan M, Nanda P, Usman M, He X (2017) PAWN: a payload-based mutual authentication scheme for wireless sensor networks. Concurr Comput Pract Exp 29(17):e3986
Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mobile Comput 24:210–223
Kumari S, Karuppiah M, Das AK, Li X, Wu F, Kumar N (2017) A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. J Supercomput 74(12):6428–6453
Li N, Liu D, Nepal S (2017) Lightweight mutual authentication for IoT and its applications. IEEE Trans Sustain Comput 2(4):359–370
Liu Z, Wenger E, Großschädl J (2014) MoTE-ECC: energy-scalable elliptic curve cryptography for wireless sensor networks. In: Boureanu I, Owesarski P, Vaudenay S (eds) Applied cryptography and network security. LNCS, vol 8479. Springer, pp 361–379
Lyu C, Gu D, Zeng Y, Mohapatra P (2016) PBA: prediction-based authentication for vehicle-to-vehicle communications. IEEE Trans Depend Secure Comput 13(1):71–83
Maarof A, Senhadji M, Labbi Z, Belkasmi M (2018) Authentication protocol for securing internet of things. In: Proceedings of the Fourth International Conference on Engineering & MIS 2018. ACM, pp 29:1–29:7
Mailloux LO, Lewis CD II, Riggs C, Grimaila MR (2016) Post-quantum cryptography: what advancements in quantum computing mean for it professionals. IT Prof 18(5):42–47
McEliece RJ (1978) A public-key system based on algebraic coding theory. Tech. Rep. DSN progress report 44. Jet Propulsion Lab
Merkle RC (1988) A digital signature based on a conventional encryption function. In: Pomerance C (ed) Advances in cryptology-CRYPTO ’87. LNCS, vol 293. Springer, pp 369–378
Misoczki R, Tillich JP, Sendrier N, Barreto PS (2013) MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: IEEE International Symposium on Information Theory Proceedings (ISIT). IEEE, pp 2069–2073
NIST: Post-Quantum Cryptography Standardization (2016). https://csrc.nist.gov/projects/post-quantum-cryptography. Last Accessed 15 May 2018
Ouafi K, Phan RCW (2008) Privacy of recent RFID authentication protocols. In: Chen L, Mu Y, Susilo W (eds) Information security practice and experience. ISPEC 2008. LNCS, vol 4991. Springer, pp 263–277
Roshan R, Sharma A, Rishi OP (2019) IoT platform for smart city: a global survey. In: Rathore VS, Worring M, Mishra DK, Joshi A, Maheshwari S (eds) Emerging trends in expert applications and security. AISC, vol 841. Springer, pp 197–202
Sakiyama K, Batina L, Preneel B, Verbauwhede I (2006) Superscalar coprocessor for high-speed curve-based cryptography. In: Goubin L, Matsui M (eds) Cryptographic hardware and embedded systems-CHES 2006. LNCS, vol 4249. Springer, pp 415–429
Saldamli G, Ertaul L, Kodirangaiah B (2018) Post-quantum cryptography on IoT: Merkle’s tree authentication. In: Proceedings of International Conference on Wireless Networks (ICWN’18), pp 35–41
Santoso FK, Vun NC (2015) Securing IoT for smart home system. In: 2015 IEEE International Symposium on Consumer Electronics (ISCE). IEEE
Sendrier N (2011) Decoding one out of many. In: Yang BY (ed) Post-quantum cryptography. PQCrypto 2011. LNCS, vol 7071. Springer, pp 51–67
Serpanos D, Wolf M (2018) Industrial internet of things. Springer, New York, pp 37–54
Shor P (1994) Polynomial-time algorithm for prime factorization and discrete logarithms on a quantum computer. In: Proceedings of the 35th Annual Symposium on Foundations of Computer Science, vol 124
Song T, Li R, Mei B, Yu J, Xing X, Cheng X (2017) A privacy preserving communication protocol for IoT applications in smart homes. IEEE Internet Things J 4(6):1844–1852
Stern J (1989) A method for finding codewords of small weight. In: Cohen GD, Wolfmann J (eds) Coding theory and applications. LNCS, vol 388, pp 106–113
Sun X, Men S, Zhao C, Zhou Z (2015) A security authentication scheme in machine-to-machine home network service. Secur Commun Netw 8(16):2678–2686
Team TA (2006) HLPSL tutorial the Beginner’s guide to modelling and analysing internet security protocols. Technical report. AVISPA project
Tschofenig H, Pegourie-Gonnard M (2015) Performance of state-of-the-art cryptography on ARM-based microprocessors. In: Lightweight Cryptography Workshop 2015
von Maurich I, Güneysu T (2014) Towards side-channel resistant implementations of QC-MDPC McEliece encryption on constrained devices. In: Mosca M (ed) Post-quantum cryptography. LNCS, vol 8772. Springer, Cham, pp 266–282
von Maurich I, Oder T, Güneysu T (2015) Implementing QC-MDPC McEliece encryption. ACM Trans Embed Comput Syst 14(33):44
Wahaishi A, Samani A, Ghenniwa H (2015) Smarthealth and internet of things. In: Geissbühler A, Demongeot J, Mokhtari M, Abdulrazak B, Aloulou H (eds) Inclusive smart cities and e-health. ICOST 2015. Springer, New York, pp 373–378
Wang KH, Chen CM, Fang W, Wu TY (2017) A secure authentication scheme for internet of things. Pervasive Mobile Comput 42:15–26
Wang KH, Chen CM, Fang W, Wu TY (2018) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 74(1):65–70
Yan SY (2015) Quantum computing for elliptic curve discrete logarithms. Springer, New York, pp 173–228
Cite this article
Chikouche, N., Cayrel, PL., Mboup, E.M. et al. A privacy-preserving code-based authentication protocol for Internet of Things. J Supercomput 75, 8231–8261 (2019). https://doi.org/10.1007/s11227-019-03003-4
DOI: https://doi.org/10.1007/s11227-019-03003-4