Abstract
The Internet of Things (IoT) has seen significant growth, enabling connectivity and intelligence in various domains, particularly those that rely most on RFID communication. However, this growth has also brought significant security challenges, particularly replay attacks, which have troubled previous work. In our study, we introduce a security solution that combines elliptic curve cryptography (ECC) with zero-knowledge proof (ZKP), tailored specifically for applications that communicate over RFID. By leveraging ECC with ZKP, we not only improve the security of IoT systems but also reduce the persistent threat of replay attacks. Unlike traditional methods, our approach ensures that sensitive data is securely transmitted and authenticated without the risk of unauthorized duplication. We validated our approach using Scyther and BAN logic, well-known tools for assessing security protocols. These validations confirm the robustness of our solution in addressing security challenges and provide further assurance of its effectiveness in protecting IoT systems against various threats, including replay attacks. Our comprehensive analysis revealed that our approach outperforms existing solutions in terms of communication and computation costs. The improved efficiency in these key areas underscores the practicality and viability of our solution, further solidifying its position as a leading option for safeguarding IoT ecosystems against emerging threats.






Data availability
Enquiries about data availability should be directed to the authors. Data will be available on request.
Acknowledgements
The authors would like to thank the editor and the reviewers for considering the manuscript for the review.
Funding
No funding was received for conducting this study.
Author information
Contributions
The authors contributed to each part of this paper equally. M. Prakash was involved in conceptualization, methodology, validation, formal analysis, investigation, resources, writing—original draft preparation, writing—reviewing and editing, visualization. K. Ramesh helped in conceptualization, methodology, supervision, validation, formal analysis, investigation, writing—reviewing and editing, visualization.
Ethics declarations
Conflict of interest
The authors declare that we have no conflict of interest. Here, we declare that we have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Ethical approval/Human and animal rights
The article does not contain any studies with human participants or animals performed by any of the authors.
About this article
Cite this article
Prakash, M., Ramesh, K. ECAUT: ECC-infused efficient authentication for internet of things systems based on zero-knowledge proof. J Supercomput 80, 25640–25667 (2024). https://doi.org/10.1007/s11227-024-06427-9
DOI: https://doi.org/10.1007/s11227-024-06427-9