Skip to main content
SpringerLink
Log in

A Multi-factor User Authentication and Key Agreement Protocol Based on Bilinear Pairing for the Internet of Things

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The Internet of Things (IoT) presents a new paradigm of the future internet that intends to provide interactive communication between various processing object via heterogeneous networks. By increasing the IoT usage, establishing the security of IoT becomes a big concern. One of the security related issues is user authentication; that means before a user can access to the IoT nodes, the user and IoT node must authenticate each other. In this paper, a multi-factor user authentication and key agreement protocol, with reasonable computational time, applicable for IoT environments is proposed. To gain access to the services provided by IoT nodes, first, the gateway must authenticate the user and then, with help of the gateway, the IoT node can authenticate the user. The proposed protocol uses elliptic curve cryptography (ECC) and provides: (1) mutual authentication between the user and IOT node; (2) fresh shared session key; (3) multi-factor authentication; (4) several security requirements (i.e., non-repudiation, anonymity and untraceability, etc.). Formal verification of the proposed protocol using Burrows–Abadi–Needham logic shows that the protocol achieves the desired goals. Protocol simulation using Internet Security Protocols and Applications tool proves the security and robustness of the proposed protocol against well-known attacks. Finally, comparing the proposed protocol with other protocols shows that it is efficient in terms of computational time.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

References

  1. Tsai, C. W., Lai, C. F., & Vasilakos, A. V. (2014). Future internet of things: Open issues and challenges. Wireless Networks,20(8), 2201–2217. https://doi.org/10.1007/s11276-014-0731-0.

    Article  Google Scholar 

  2. Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks,57(10), 2266–2279. https://doi.org/10.1016/j.comnet.2012.12.018.

    Article  Google Scholar 

  3. Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. (2014). Security of the internet of things: Perspectives and challenges. Wireless Networks,20(8), 2481–2501. https://doi.org/10.1007/s11276-014-0761-7.

    Article  Google Scholar 

  4. Wan, J., Chen, M., Xia, F., Di, L., & Zhou, K. (2013). From machine-to-machine communications towards cyber-physical systems. Computer Science and Information Systems,10(3), 1105–1128. https://doi.org/10.2298/CSIS120326018W.

    Article  Google Scholar 

  5. Sarvabhatla, M., & Vorugunti, C. S. (2014). A secure biometric‐based user authentication scheme for heterogeneous WSN. In 2014 Fourth international conference of emerging applications of information technology (pp. 367–372). IEEE. https://doi.org/10.1109/eait.2014.23.

  6. Lin, C. H., & Lai, Y. Y. (2004). A flexible biometrics remote user authentication scheme. Computer Standards & Interfaces,27(1), 19–23. https://doi.org/10.1016/j.csi.2004.03.003.

    Article  Google Scholar 

  7. An, Y. (2012). Security analysis and enhancements of an effective biometric based remote user authentication scheme using smart cards. BioMed Research International. https://doi.org/10.1155/2012/519723.

    Article  Google Scholar 

  8. Khan, S. H., Akbar, M. A., Shahzad, F., Farooq, M., & Khan, Z. (2015). Secure biometric template generation for multi-factor authentication. Pattern Recognition,48(2), 458–472. https://doi.org/10.1016/j.patcog.2014.08.024.

    Article  Google Scholar 

  9. Jiang, Q., Ma, J., & Li, G. (2013). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications,68(4), 1477–1491. https://doi.org/10.1007/s11277-012-0535-4.

    Article  Google Scholar 

  10. Jiang, Q., Ma, J., Li, G., & Yang, L. (2014). An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wireless Personal Communications,77(2), 1489–1506. https://doi.org/10.1007/s11277-013-1594-x.

    Article  Google Scholar 

  11. Zhao, G., Si, X.,Wang, J., Long, X., & Hu, T. (2011). A novel mutual authentication scheme for Internet of Things. In Proceedings of international conference on modelling, identification and control (ICMIC) (pp. 563–566). IEEE. https://doi.org/10.1109/icmic.2011.5973767.

  12. Sood, S., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Network and Computer Applications,34(2), 609–618. https://doi.org/10.1016/j.jnca.2010.11.011.

    Article  Google Scholar 

  13. Kalra, S., & Sood, S. (2013). Advanced remote user authentication protocol for multi-server architecture based on ECC. Information Security and Applications,18(2), 98–107. https://doi.org/10.1016/j.jisa.2013.07.005.

    Article  Google Scholar 

  14. Yeh, H. L., Chen, T. H., Liu, P. C., Kim, T. H., & Wei, H. W. (2011). A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors,11(5), 4767–4779. https://doi.org/10.3390/s110504767.

    Article  Google Scholar 

  15. Shi, W., & Gong, P. (2013). A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. Distributed Sensor Networks,9(4), 1–7. https://doi.org/10.1155/2013/730831.

    Article  Google Scholar 

  16. Choi, Y., Lee, D., Kim, J., Jung, J., Nam, J., & Won, D. (2014). Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors,14(6), 10081–10106. https://doi.org/10.3390/s140610081.

    Article  Google Scholar 

  17. Xue, K., Ma, C., Hong, P., & Ding, R. (2013). A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Network and Computer Applications,36(1), 316–323. https://doi.org/10.1016/j.jnca.2012.05.010.

    Article  Google Scholar 

  18. Jiang, Q., Ma, J., Lu, X., & Tian, Y. (2015). An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications,8(6), 1070–1081. https://doi.org/10.1007/s12083-014-0285-z.

    Article  Google Scholar 

  19. Turkanović, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Networks,20, 96–112. https://doi.org/10.1016/j.adhoc.2014.03.009.

    Article  Google Scholar 

  20. Amin, R., & Biswas, G. P. (2016). A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Networks,36, 58–80. https://doi.org/10.1016/j.adhoc.2015.05.020.

    Article  Google Scholar 

  21. Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for IoT and cloud servers. Pervasive and Mobile Computing,24, 210–223. https://doi.org/10.1016/j.pmcj.2015.08.001.

    Article  Google Scholar 

  22. Chang, C. C., Wu, H. L., & Sun, C. Y. (2017). Notes on ‘secure authentication scheme for IoT and cloud servers’. Pervasive and Mobile Computing,38, 275–278. https://doi.org/10.1016/j.pmcj.2015.12.003.

    Article  Google Scholar 

  23. Lee, J. K., Ryu, S. R., & Yoo, K. Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters,38(12), 554–555. https://doi.org/10.1049/el:20020380.

    Article  Google Scholar 

  24. Chang, C. C., & Lin, I. C. (2004). Remarks on fingerprint-based remote user authentication scheme using smart cards. ACM SIGOPS Operating System Review,38(4), 91–96. https://doi.org/10.1145/1031154.1031165.

    Article  Google Scholar 

  25. Das, A. K., & Goswami, A. (2015). A robust anonymous biometric-based remote user authentication scheme using smart cards. King Saud University-Computer and Information Sciences,27(2), 193–210. https://doi.org/10.1016/j.jksuci.2014.03.020.

    Article  Google Scholar 

  26. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems,8(1), 18–36. https://doi.org/10.1145/77648.77649.

    Article  MATH  Google Scholar 

  27. Huang, X., Xiang, Y., Chonka, A., Zhou, J., & Deng, R. H. (2011). A generic framework for three-factor authentication: Preserving security and privacy in distributed systems. IEEE Transactions on Parallel and Distributed Systems,22(8), 1390–1397. https://doi.org/10.1109/TPDS.2010.206.

    Article  Google Scholar 

  28. Kothmayr, T., Schmitt, C., Hu, W., Brünig, M., & Carle, G. (2012). A DTLS based end‐to‐end security architecture for the internet of things with two‐way authentication. In Proceedings of 37th conference on local computer networks workshops (pp. 956–963). IEEE. https://doi.org/10.1109/lcnw.2012.6424088.

  29. Jiang, Q., Kumar, N., Ma, J., Shen, J., & He, D. (2016). A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks. Network Management. https://doi.org/10.1002/nem.1937.

    Article  Google Scholar 

  30. Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO’84 on advances in cryptology (Vol. 196, pp. 47–53). Springer. https://doi.org/10.1007/3-540-39568-7_5.

  31. Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In Annual international cryptology conferenceCRYPTO 2001 (pp. 213–229). Springer. https://doi.org/10.1007/3-540-44647-8_13.

    Chapter  Google Scholar 

  32. Gentry, C., Peikert, C., & Vaikuntanathan, V. (2008). Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of 14th ACM annual symposium on theory of computing (pp. 197–206). ACM. https://doi.org/10.1145/1374376.1374407.

  33. Das, M. L., Saxena, A., Gulati, V. P., & Phatak, D. B. (2006). A novel remote user authentication scheme using bilinear pairings. Computers & Security,25(3), 184–189. https://doi.org/10.1016/j.cose.2005.09.002.

    Article  Google Scholar 

  34. Chou, J. S., Chen, Y., & Lin, J. Y. (2005). Improvement of Manik et al.’s remote user authentication scheme. http://eprint.iacr.org/2005/450.pdf.

  35. Goriparthi, T., Das, M.L., Negi, A., & Saxena, A. (2006). Cryptanalysis of recently proposed Remote User Authentication Schemes. Cryptology ePrint Archive. http://eprint.iacr.org/2006/028.pdf.

  36. Fang, G., & Huang, G. (2006). Improvement of recently proposed remote user authentication schemes. Cryptology ePrint Archive. http://eprint.iacr.org/2006/200.pdf.

  37. Vallent, T. F., & Kim, H. (2013). Three factor authentication protocol based on bilinear pairing. In: Multimedia and ubiquitous engineering, Lecture notes in electrical engineering (Vol. 240, pp. 253–259). Springer. https://doi.org/10.1007/978-94-007-6738-6_32.

    Google Scholar 

  38. Hsu, C. L., Chuang, Y. H., & Kuo, C. (2015). A novel remote user authentication scheme from bilinear pairings via internet. Wireless Personal Communications,83(1), 163–174. https://doi.org/10.1007/s11277-015-2386-2.

    Article  Google Scholar 

  39. Luo, M., & Zhao, H. (2015). An authentication and key agreement mechanism for multi-domain wireless networks using certificateless public-key cryptography. Wireless Personal Communications,81(2), 779–798. https://doi.org/10.1007/s11277-014-2157-5.

    Article  Google Scholar 

  40. Tsai, J. L., & Lo, N. W. (2015). Provably secure and efficient anonymous ID-based authentication protocol for mobile devices using bilinear pairings. Wireless Personal Communications,83(2), 1273–1286. https://doi.org/10.1007/s11277-015-2449-4.

    Article  Google Scholar 

  41. Bakhtiari-Chehelcheshmeh, S., & Hosseinzadeh, M. (2017). A new certificateless and secure authentication scheme for ad hoc networks. Wireless Personal Communications,94(4), 2833–2851. https://doi.org/10.1007/s11277-016-3721-y.

    Article  Google Scholar 

  42. Boyen, X. (2003). Multipurpose identity-based signcryption. In Proceedings of 23rd annual international conference on cryptology (CRYPTO’03) (Vol. 2729, pp. 383–399). Springer. https://doi.org/10.1007/978-3-540-45146-4_23.

    Chapter  Google Scholar 

  43. Barreto, P. S., Libert, B., McCullagh, N., & Quisquater, J. J. (2005). Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. In International conference on the theory and application of cryptology and information security (pp. 515–532). Springer. https://doi.org/10.1007/11593447_28.

    Google Scholar 

  44. Vigano, L. (2006). Automated security protocol analysis with the AVISPA tool. Electronic Notes in Theoretical Computer Science,155, 61–86. https://doi.org/10.1016/j.entcs.2005.11.052.

    Article  Google Scholar 

  45. Barreto, P. S. L. M., Kim, H. Y., Lynn, B., & Scott, M. (2002). Efficient algorithms for pairing-based cryptosystems. In Proceedings of 22nd annual international conference on cryptography (Vol. 2242, pp. 354–369). Springer. https://doi.org/10.1007/3-540-45708-9_23.

    Chapter  Google Scholar 

  46. Hafizul, S. K., & Biswas, I. G. P. (2015). Design of two-party authenticated key agreement protocol based on ECC and self-certified public keys. Wireless Personal Communications,82(4), 2727–2750. https://doi.org/10.1007/s11277-015-2375-5.

    Article  Google Scholar 

  47. Shim, K. A., Lee, Y. R., & Park, C. M. (2013). EIBAS: An efficient identity-based broadcast authentication scheme in wireless sensor networks. Ad Hoc Networks,11(1), 182–189. https://doi.org/10.1016/j.adhoc.2012.04.015.

    Article  Google Scholar 

  48. Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory,29(2), 198–208. https://doi.org/10.1109/TIT.1983.1056650.

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Shahr-e-Qods Branch, Islamic Azad University, Tehran, Iran

    Mohammad Nikravan & Akram Reza

Authors
  1. Mohammad Nikravan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Akram Reza
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammad Nikravan.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Nikravan, M., Reza, A. A Multi-factor User Authentication and Key Agreement Protocol Based on Bilinear Pairing for the Internet of Things. Wireless Pers Commun 111, 463–494 (2020). https://doi.org/10.1007/s11277-019-06869-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-019-06869-y

Keywords

Search

Navigation