Skip to main content

Advertisement

SpringerLink
Log in

A group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

A Correction to this article was published on 22 October 2021

This article has been updated

Abstract

Use of Internet-of-Things (IoT)-based wireless applications has been exponentially increased nowadays and likely to accelerate in near future. Thus, a large volume of traffic needs to be managed at the application server. In such scenario, the traditional single-server architecture shows serious performance bottleneck and needs to be replaced by multiple servers. In addition, several security and design vulnerabilities may arise while accessing application data through various resource-constraint mobile devices. Thus, ensuring entity authentication, application data confidentiality and energy-efficient computations are essential. In this article, we introduce a group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment. The proposed protocol is designed using low-cost cryptographic primitives (such as hash function and symmetric key encryption/decryption) to address energy-efficiency requirements of the resource-constraint mobile devices. It reduces computational burden of the registration center by distributing the traffic load into a group of servers. Additionally, registration center needs not to maintain one-to-one communication with its users whenever a new server is added to the system. The protocol achieves various security and design properties which are verified both formally and informally. Finally, we compare our protocol with others to show its applicability in real-life implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Change history

References

  1. Ramson SJ, Moni DJ (2017) Applications of wireless sensor networks-a survey. In: 2017 International Conference on Innovations in Electrical, Electronics, Instrumentation and Media Technology (ICEEIMT), IEEE, pp 325–329

  2. Shen X, Wang Z, Sun Y (2004) Wireless sensor networks for industrial applications. In: Fifth World Congress on Intelligent Control and Automation (IEEE Cat. No. 04EX788), IEEE, vol 4, pp 3636–3640

  3. Sheng Z, Mahapatra C, Zhu C, Leung VC (2015) Recent advances in industrial wireless sensor networks toward efficient management in iot. IEEE Access 3:622–637

    Article  Google Scholar 

  4. Gungor VC, Hancke GP (2009) Industrial wireless sensor networks: Challenges, design principles, and technical approaches. IEEE Trans Ind Electron 56(10):4258–4265

    Article  Google Scholar 

  5. Challa S, Das AK, Odelu V, Kumar N, Kumari S, Khan MK, Vasilakos AV (2018) An efficient ecc-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Comput Elect Eng 69:534–554

    Article  Google Scholar 

  6. Xu Z, Xu C, Liang W, Xu J, Chen H (2019) A lightweight mutual authentication and key agreement scheme for medical internet of things. IEEE Access 7:53922–53931

    Article  Google Scholar 

  7. Inc G (2018) Gartner identifies top 10 strategic iot technologies and trends. [online] available:https://www.gartner.com/en/newsroom/press-releases/2018-11-07-gartner-identifies-top-10-strategic-iot-technologies-and-trends

  8. He D, Zeadally S, Kumar N, Wu W (2016) Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures. IEEE Trans Inf Forensics Secur 11(9):2052–2064

    Article  Google Scholar 

  9. Limbasiya T, Sahay SK, Sridharan B (2021) Privacy-preserving mutual authentication and key agreement scheme for multi-server healthcare system. Information Systems Frontiers pp 1–14

  10. ul Haq I, Wang J, Zhu Y et al (2020b) Secure two-factor lightweight authentication protocol using self-certified public key cryptography for multi-server 5g networks. J Netw Comput Appl 161:102660

    Article  Google Scholar 

  11. Wu TY, Lee Z, Obaidat MS, Kumari S, Kumar S, Chen CM (2020) An authenticated key exchange protocol for multi-server architecture in 5g networks. IEEE Access 8:28096–28108

    Article  Google Scholar 

  12. Ying B, Nayak A (2019) Lightweight remote user authentication protocol for multi-server 5g networks using self-certified public key cryptography. J Netw Comput Appl 131:66–74

    Article  Google Scholar 

  13. Ng B, Si A, Lau RW, Li FW (2002) A multi-server architecture for distributed virtual walkthrough. In: Proceedings of the ACM symposium on Virtual reality software and technology, pp 163–170

  14. Rahman MG, Imai H (2002) Security in wireless communication. Wirel Pers Commun 22(2):213–228

    Article  Google Scholar 

  15. Samfat D, Molva R, Asokan N (1995) Untraceability in mobile networks. In: Proceedings of the 1st Annual International Conference on Mobile Computing and Networking, pp 26–36

  16. Steinbrecher S, Köpsell S (2003) Modelling unlinkability. In: International Workshop on Privacy Enhancing Technologies, Springer, pp 32–47

  17. Khurana H, Hadley M, Lu N, Frincke DA (2010) Smart-grid security issues. IEEE Secur Priv 8(1):81–85

    Article  Google Scholar 

  18. Mont MC, Bramhall P, Harrison K (2003) A flexible role-based secure messaging service: Exploiting ibe technology for privacy in health care. In: 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings., IEEE, pp 432–437

  19. Eldewahi AE, Sharfi TM, Mansor AA, Mohamed NA, Alwahbani SM (2015) Ssl/tls attacks: analysis and evaluation. 2015 International Conference on Computing. Control, Networking, Electronics and Embedded Systems Engineering (ICCNEEE), IEEE, pp 203–208

  20. Sirohi P, Agarwal A, Tyagi S (2016) A comprehensive study on security attacks on ssl/tls protocol. In: 2016 2nd International Conference on Next Generation Computing Technologies (NGCT), IEEE, pp 893–898

  21. ul Haq I, Wang J, Zhu Y, Maqbool S (2020a) A survey of authenticated key agreement protocols for multi-server architecture. Journal of Information Security and Applications 55:102639

    Article  Google Scholar 

  22. Wang D, Zhang X, Zhang Z, Wang P (2020) Understanding security failures of multi-factor authentication schemes for multi-server environments. Comput Secur 88:101619

    Article  Google Scholar 

  23. Kumar A, Om H (2018) An improved and secure multiserver authentication scheme based on biometrics and smartcard. Digit Commun Netw 4(1):27–38

    Article  Google Scholar 

  24. ul Haq I, Wang J, Zhu Y, Maqbool S et al (2021) An efficient hash-based authenticated key agreement scheme for multi-server architecture resilient to key compromise impersonation. Digit Commun Netw 7(1):140–150

    Article  Google Scholar 

  25. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual International Cryptology Conference, Springer, pp 388–397

  26. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  27. Zhou S, Gan Q, Wang X (2018) Authentication scheme based on smart card in multi-server environment. Wirel Netw 26(2):855–863

    Article  Google Scholar 

  28. Wu F, Li X, Xu L, Sangaiah AK, Rodrigues JJ (2018) Authentication protocol for distributed cloud computing: an explanation of the security situations for internet-of-things-enabled devices. IEEE Consum Electron Mag 7(6):38–44

    Article  Google Scholar 

  29. Raymond DR, Midkiff SF (2008) Denial-of-service in wireless sensor networks: Attacks and defenses. IEEE Pervasive Comput 7(1):74–81

    Article  Google Scholar 

  30. Wood AD, Stankovic JA (2002) Denial of service in sensor networks. Computer 35(10):54–62

    Article  Google Scholar 

  31. Roy PK, Bhattacharya A (2021) Desynchronization resistant privacy preserving user authentication protocol for location based services. Peer-to-Peer Networking and Applications pp 1–15. https://doi.org/10.1007/s12083-021-01194-3

  32. Tsobdjou LD, Pierre S, Quintero A (2021) A new mutual authentication and key agreement protocol for mobile client-server environment. IEEE Trans Netw Serv Manag 18(2):1275–1286

    Article  Google Scholar 

  33. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    Article  MathSciNet  Google Scholar 

  34. Cheng Z, Nistazakis M, Comley R, Vasiu L (2005) On the indistinguishability-based security model of key agreement protocols-simple cases. IACR Cryptol ePrint Arch 2005:129

    Google Scholar 

  35. Lee CC, Lin TH, Chang RX (2011) A secure dynamic id based remote user authentication scheme for multi-server environment using smart cards. Expert Syst Appl 38(11):13863–13870

    Google Scholar 

  36. Liao YP, Wang SS (2009) A secure dynamic id based remote user authentication scheme for multi-server environment. Comput Stand Interf 31(1):24–29

    Article  Google Scholar 

  37. Menezes AJ, Van Oorschot PC, Vanstone SA (2018) Handbook of applied cryptography. CRC Press, Boca Raton

    Book  Google Scholar 

  38. He D, Bu J, Chan S, Chen C, Yin M (2010) Privacy-preserving universal authentication protocol for wireless communications. IEEE Trans Wirel Commun 10(2):431–436

    Article  Google Scholar 

  39. Chang CC, Le HD (2015) A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366

    Article  Google Scholar 

  40. Rogaway P, Shrimpton T (2004) Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: International workshop on fast software encryption, Springer, pp 371–388

  41. Shashidhara R, Bojjagani S, Maurya AK, Kumari S, Xiong H (2020) A robust user authentication protocol with privacy-preserving for roaming service in mobility environments. Peer-to-Peer Netw Appl 13(6):1943–1966

    Article  Google Scholar 

  42. Wen F, Susilo W, Yang G (2013) A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wirel Person Commun 73(3):993–1004

    Article  Google Scholar 

  43. Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuéllar J, Drielsma PH, Héam PC, Kouchnarenko O, Mantovani J et al (2005) The avispa tool for the automated validation of internet security protocols and applications. In: International Conference on Computer Aided Verification, pp 281–285

  44. Von Oheimb D (2005) The high-level protocol specification language hlpsl developed in the eu project avispa. In: Proceedings of APPSEM 2005 workshop, pp 1–17

  45. Team T et al (2006) Avispa v1. 1 user manual. Information society technologies programme (2006). http://avispa-project.org

  46. Suárez-Albela M, Fernández-Caramés TM, Fraga-Lamas P, Castedo L (2018) A practical performance comparison of ecc and rsa for resource-constrained iot devices. In: 2018 Global Internet of Things Summit (GIoTS), IEEE, pp 1–6

Download references

Author information

Authors and Affiliations

  1. Indian Institute of Technology (Indian School of Mines), Dhanbad, 826004, India

    Prasanta Kumar Roy & Ansuman Bhattacharya

Authors
  1. Prasanta Kumar Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ansuman Bhattacharya
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Prasanta Kumar Roy.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

The original online version of this article was revised: In this article the legend for Fig. 7 and 8 was wrong.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Roy, P.K., Bhattacharya, A. A group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment. J Supercomput 78, 5903–5930 (2022). https://doi.org/10.1007/s11227-021-04114-7

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-021-04114-7

Keywords

Search

Navigation