Abstract
The Internet of Things (IoT), a popular technology that has revolutionized the concept of smart gadgets by bringing the world together, uses the Internet to connect the simplest devices to the most sophisticated. IoT covers a wide range of applications, from simple ones like shopping and smart devices to more complex ones like automated manufacturing and the digital healthcare system. The equipment used in these fields communicates over the Internet, an open platform vulnerable to security threats. Many protocols for securing IoT communications have been devised; however, they have failed to provide the essential security strength against impersonation, replaying, intrusion and obstruction. Authenticating IoT users and safeguarding the communications carried out by IoT devices are therefore critical. In this article, we propose a Four-Factor Mutual Authentication and Key Agreement Protocol for the Internet of Things. The Burrows-Abadi-Needham (BAN) logic, the Real-Or-Random (ROR) model, and informal security analysis demonstrate the protocol's soundness. The protocol's robustness against multiple threats is demonstrated using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Finally, the protocol's effectiveness in the real world is ensured through its performance evaluation.












Data availability
Not Applicable.
Acknowledgements
All authors declare that they have no acknowledgments to mention.
Contributions
All authors contributed towards the study of the topic. The work was carried out under the supervision of Dr. Hari Om. The first draft of the manuscript was written by Miss Diksha Rangwani and all the authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Ethics declarations
Ethics approval and consent to participate
All the authors declare that they adhered to the ethics of research and publication and they are willing to participate in the process of review and publication.
Human and animal ethics
Not Applicable.
Consent for publication
All the authors give the consent for publication willingly.
Competing interests
All the authors declare that they have no competing interests to declare for this manuscript.
About this article
Cite this article
Rangwani, D., Om, H. 4F-MAKA: Four-factor mutual authentication and key agreement protocol for internet of things. Peer-to-Peer Netw. Appl. 16, 35–56 (2023). https://doi.org/10.1007/s12083-022-01382-9
DOI: https://doi.org/10.1007/s12083-022-01382-9