Abstract
The Internet of Things (IoT), one of the hottest topics, supports resource-constrained devices that can communicate with each other at any time. This communication must be secure on public networks, and it is sometimes necessary to control remote devices using a secure protocol. Consequently, designing a lightweight protocol is one of the challenges to be addressed. So far, several lightweight protocols have been proposed; this paper analyzes one of the current lightweight authentication protocols for the IoT. Based on the previous protocol, a secure protocol is suggested that inherits the benefits of the previous one while being completely safe against the proposed attacks. The proposed protocol is shown to fulfil mutual authentication using BAN logic, a broadly accepted formal method in security analysis. Moreover, the proposed protocol resists well-known attacks, and its security, communication overhead, and time complexity have been compared with those of similar protocols, showing its efficiency for IoT applications. In the proposed protocol, users and IoT nodes share a secret key in 3.122 ms with 528 bytes of communication overhead.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest and this study was not funded by any organizations.
About this article
Cite this article
Ghahramani, M., Javidan, R. A Robust Anonymous Remote User Authentication Protocol for IoT Services. Wireless Pers Commun 121, 2347–2369 (2021). https://doi.org/10.1007/s11277-021-08826-0
DOI: https://doi.org/10.1007/s11277-021-08826-0