Abstract
Focusing specifically on sensing devices with restricted resources, heterogeneous internet of things (HIoT) is an attractive scenario for IoT networks. Nonetheless, the very nature of wireless channels in these networks has given rise to a series of security challenges, which need to be considered while developing authentication protocols. Here, we scrutinized Yu and Park’s, Kumari et al.’s, and Ostad-sharif et al.'s protocols and illustrated their weaknesses against key compromise attacks, insider attacks, and violation of anonymity. Furthermore, for heterogeneous IoT contexts, a lightweight and secure authentication and key agreement protocol for heterogeneous IoT environments is presented. Concerning the restricted resources of sensing devices, an attempt is made to provide an efficient HIoT-based authentication protocol to enhance network security and performance. The gateway as a trusted authority with the maximum workload and sensing devices with the highest restrictions on resources are considered in the suggested protocol. As a result, the user bears the brunt of the workload in the individual session. The Burrows–Abadi–Needham (BAN) logic is used to validate the proposed protocol, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is utilized to demonstrate resilience to existing active attacks. Simulation findings and performance assessment revealed that our protocol improved communication overheads by up to 110%, computation overheads by up to 83%, and sensing device maximum storage capacity by up to 51%.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Deebak BD, Al-Turjman F (2021) Secure-user sign-in authentication for IoT-based eHealth systems. Complex Intell Syst. https://doi.org/10.1007/s40747-020-00231-7
Zhang Y, Zhao H, Xiang Y, Huang X, Chen X (2019) A key agreement scheme for smart homes using the secret mismatch problem. IEEE Internet Things J 6(6):10251–10260. https://doi.org/10.1109/JIOT.2019.2936884
Yaqoob I, Hashem IAT, Mehmood Y, Gani A, Mokhtar S, Guizani S (2017) Enabling Communication Technologies For Smart Cities. IEEE Commun Mag 55(1):112–120. https://doi.org/10.1109/MCOM.2017.1600232CM
Ji S, Liu S, Wang C, Qi R, Shen J (2020) An anonymous mutual authentication scheme for rfid-based transportation system. Electronics 9(12):2167. https://doi.org/10.3390/electronics9122167
Shashidhara R, Bojjagani S, Maurya AK et al (2020) A Robust user authentication protocol with privacy-preserving for roaming service in mobility environments. Peer-to-Peer Netw 13:1943–1966. https://doi.org/10.1007/s12083-020-00929-y
Irshad A, Usman M, Chaudhry SA, Naqvi H, Shafiq M (2020) A provably secure and efficient authenticated key agreement scheme for energy internet-based vehicle-to-grid technology framework. IEEE Trans Ind Appl 56(4):4425–4435. https://doi.org/10.1109/TIA.2020.2966160
Yugha R, Chithra S (2020) A survey on technologies and security protocols: Reference for future generation IoT. J Netw Comput Appl 169:102763. https://doi.org/10.1016/j.jnca.2020.102763
Kavianpour S, Shanmugam B, Azam S, Zamani M, Narayana Samy G, De Boer F (2019) A systematic literature review of authentication in Internet of Things for heterogeneous devices. J Comput Netw Commun. https://doi.org/10.1155/2019/5747136
Nandy T, Idris MYIB, Noor RM, Kiah LM, Lun LS et al (2019) Review on security of Internet of Things authentication mechanism. IEEE Access 7:151054–151089. https://doi.org/10.1109/ACCESS.2019.2947723
Qiu T, Chen N, Li K, Atiquzzaman M, Zhao W (2018) How can heterogeneous Internet of Things build our future: A survey. IEEE Commun Surveys Tutor 20(3):2011–2027. https://doi.org/10.1109/COMST.2018.2803740
Kumari S, Das AK, Wazid M, Li X, Wu F, Choo KKR, Khan MK (2017) On the design of a secure user authentication and key agreement scheme for wireless sensor networks. Concurr Comput Pract Exp 29(23):e3930. https://doi.org/10.1002/cpe.3930
Yu S, Park Y (2020) SLUA-WSN: secure and lightweight three-factor-based user authentication protocol for wireless sensor networks. Sensors 20(15):4143. https://doi.org/10.3390/s20154143
Ostad-Sharif A, Arshad H, Nikooghadam M, Abbasinezhad-Mood D (2019) Three party secure data transmission in IoT networks through design of a lightweight authenticated key agreement scheme. Futur Gener Comput Syst 100:882–892. https://doi.org/10.1016/j.future.2019.04.019
Li J, Zhang W, Kumari S, Choo KKR, Hogrefe D (2018) Security analysis and improvement of a mutual authentication and key agreement solution for wireless sensor networks using chaotic maps. Trans Emerg Telecommun Technol 29(6):e3295. https://doi.org/10.1002/ett.3295
Fang D, Qian Y, Hu RQ (2020) A flexible and efficient authentication and secure data transmission scheme for IoT applications. IEEE Internet Things J 7(4):3474–3484. https://doi.org/10.1109/JIOT.2020.2970974
Zhang Y, He D, Li L, Chen B (2020) A lightweight authentication and key agreement scheme for internet of drones. Comput Commun 154:455–464. https://doi.org/10.1016/j.comcom.2020.02.067
Lee DH, Lee IY (2020) A lightweight authentication and key agreement schemes for IoT environments. Sensors 20(18):5350. https://doi.org/10.3390/s20185350
Shin S, Kwon T (2020) A privacy-preserving authentication, authorization, and key agreement scheme for wireless sensor networks in 5G-integrated internet of things. IEEE Access 8:67555–67571. https://doi.org/10.1109/ACCESS.2020.2985719
Wang F, Xu G, Xu G, Wang Y, Peng J (2020) A robust IoT-based three-factor authentication scheme for cloud computing resistant to session key exposure. Wirel Commun Mob Comput 2020:3805058. https://doi.org/10.1155/2020/3805058
Gaba GS, Kumar G, Monga H, Kim TH, Kumar P (2020) Robust and lightweight mutual authentication scheme in distributed smart environments. IEEE Access 8:69722–69733. https://doi.org/10.1109/ACCESS.2020.2986480
Hajian R, Erfani SH (2021) CHESDA: continuous hybrid and energy-efficient secure data aggregation for WSN. J Supercomput 77:5045–5075. https://doi.org/10.1007/s11227-020-03455-z
Zhang X, Wen F (2019) An novel anonymous user WSN authentication for Internet of Things. Soft Comput 23(14):5683–5691. https://doi.org/10.1007/s00500-018-3226-6
Xu L, Wu F (2019) A lightweight authentication scheme for multi-gateway wireless sensor networks under IoT conception. Arab J Sci Eng 44(4):3977–3993. https://doi.org/10.1007/s13369-019-03752-7
Xue L, Huang Q, Zhang S, Huang H, Wang W (2021) A Lightweight Three-Factor Authentication and Key Agreement Scheme for Multigateway WSNs in IoT. Secur Commun Netw. https://doi.org/10.1155/2021/3300769
Shin S, Kwon T (2019) A lightweight three-factor authentication and key agreement scheme in wireless sensor networks for smart homes. Sensors 19(9):2012. https://doi.org/10.3390/s19092012
Wazid M, Das AK, Bhat V, Vasilakos AV (2020) LAM-CIoT: lightweight authentication mechanism in cloud-based IoT environment. J Netw Comput Appl 150:102496. https://doi.org/10.1016/j.jnca.2019.102496
Banerjee S, Odelu V, Das AK, Chattopadhyay S, Park Y (2020) An efficient, anonymous and robust authentication scheme for smart home environments. Sensors 20(4):1215. https://doi.org/10.3390/s20041215
Farash MS, Turkanović M, Kumari S, Hölbl M (2016) An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Netw 36:152–176. https://doi.org/10.1016/j.adhoc.2015.05.014
Mo J, Chen H (2019) A lightweight secure user authentication and key agreement protocol for wireless sensor networks. Secur Commun Netw. https://doi.org/10.1155/2019/2136506
Yu B, Li H (2019) Anonymous authentication key agreement scheme with pairing-based cryptography for home-based multi-sensor Internet of Things. Int J Distrib Sens Netw 15(9):1550147719879379. https://doi.org/10.1177/1550147719879379
Kocher P, Jaffe J, Benjamin J (1999) Differential power analysis. Annual international cryptology conference 1666:388–397. https://doi.org/10.1007/3-540-48405-1_25
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552. https://doi.org/10.1109/TC.2002.1004593
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond A Math Phys Sci 426(1871):233–271. https://doi.org/10.1098/rspa.1989.0125
AVISPA (2020) Automated validation of internet security protocols and applications. Available online, (4 Dec 2020), http://people.irisa.fr/Thomas.Genet/span/
Heinzelman WE, Chandrakasan A, Balakrishnan H (200) Energy-efficient communication protocol for wireless microsensor networks. In: Proceedings of the 33rd Annual Hawaii International Conference on System Sciences (10-pp). IEEE, https://doi.org/10.1109/HICSS.2000.926982.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix
Appendix
Rights and permissions
About this article
Cite this article
Hajian, R., Erfani, S.H. & Kumari, S. A lightweight authentication and key agreement protocol for heterogeneous IoT with special attention to sensing devices and gateway. J Supercomput 78, 16678–16720 (2022). https://doi.org/10.1007/s11227-022-04464-w
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-022-04464-w