Abstract
The Internet of Things (IoT) presents a new paradigm of the future internet that intends to provide interactive communication between various processing object via heterogeneous networks. By increasing the IoT usage, establishing the security of IoT becomes a big concern. One of the security related issues is user authentication; that means before a user can access to the IoT nodes, the user and IoT node must authenticate each other. In this paper, a multi-factor user authentication and key agreement protocol, with reasonable computational time, applicable for IoT environments is proposed. To gain access to the services provided by IoT nodes, first, the gateway must authenticate the user and then, with help of the gateway, the IoT node can authenticate the user. The proposed protocol uses elliptic curve cryptography (ECC) and provides: (1) mutual authentication between the user and IOT node; (2) fresh shared session key; (3) multi-factor authentication; (4) several security requirements (i.e., non-repudiation, anonymity and untraceability, etc.). Formal verification of the proposed protocol using Burrows–Abadi–Needham logic shows that the protocol achieves the desired goals. Protocol simulation using Internet Security Protocols and Applications tool proves the security and robustness of the proposed protocol against well-known attacks. Finally, comparing the proposed protocol with other protocols shows that it is efficient in terms of computational time.
Similar content being viewed by others
References
Tsai, C. W., Lai, C. F., & Vasilakos, A. V. (2014). Future internet of things: Open issues and challenges. Wireless Networks,20(8), 2201–2217. https://doi.org/10.1007/s11276-014-0731-0.
Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks,57(10), 2266–2279. https://doi.org/10.1016/j.comnet.2012.12.018.
Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. (2014). Security of the internet of things: Perspectives and challenges. Wireless Networks,20(8), 2481–2501. https://doi.org/10.1007/s11276-014-0761-7.
Wan, J., Chen, M., Xia, F., Di, L., & Zhou, K. (2013). From machine-to-machine communications towards cyber-physical systems. Computer Science and Information Systems,10(3), 1105–1128. https://doi.org/10.2298/CSIS120326018W.
Sarvabhatla, M., & Vorugunti, C. S. (2014). A secure biometric‐based user authentication scheme for heterogeneous WSN. In 2014 Fourth international conference of emerging applications of information technology (pp. 367–372). IEEE. https://doi.org/10.1109/eait.2014.23.
Lin, C. H., & Lai, Y. Y. (2004). A flexible biometrics remote user authentication scheme. Computer Standards & Interfaces,27(1), 19–23. https://doi.org/10.1016/j.csi.2004.03.003.
An, Y. (2012). Security analysis and enhancements of an effective biometric based remote user authentication scheme using smart cards. BioMed Research International. https://doi.org/10.1155/2012/519723.
Khan, S. H., Akbar, M. A., Shahzad, F., Farooq, M., & Khan, Z. (2015). Secure biometric template generation for multi-factor authentication. Pattern Recognition,48(2), 458–472. https://doi.org/10.1016/j.patcog.2014.08.024.
Jiang, Q., Ma, J., & Li, G. (2013). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications,68(4), 1477–1491. https://doi.org/10.1007/s11277-012-0535-4.
Jiang, Q., Ma, J., Li, G., & Yang, L. (2014). An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wireless Personal Communications,77(2), 1489–1506. https://doi.org/10.1007/s11277-013-1594-x.
Zhao, G., Si, X.,Wang, J., Long, X., & Hu, T. (2011). A novel mutual authentication scheme for Internet of Things. In Proceedings of international conference on modelling, identification and control (ICMIC) (pp. 563–566). IEEE. https://doi.org/10.1109/icmic.2011.5973767.
Sood, S., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Network and Computer Applications,34(2), 609–618. https://doi.org/10.1016/j.jnca.2010.11.011.
Kalra, S., & Sood, S. (2013). Advanced remote user authentication protocol for multi-server architecture based on ECC. Information Security and Applications,18(2), 98–107. https://doi.org/10.1016/j.jisa.2013.07.005.
Yeh, H. L., Chen, T. H., Liu, P. C., Kim, T. H., & Wei, H. W. (2011). A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors,11(5), 4767–4779. https://doi.org/10.3390/s110504767.
Shi, W., & Gong, P. (2013). A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. Distributed Sensor Networks,9(4), 1–7. https://doi.org/10.1155/2013/730831.
Choi, Y., Lee, D., Kim, J., Jung, J., Nam, J., & Won, D. (2014). Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors,14(6), 10081–10106. https://doi.org/10.3390/s140610081.
Xue, K., Ma, C., Hong, P., & Ding, R. (2013). A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Network and Computer Applications,36(1), 316–323. https://doi.org/10.1016/j.jnca.2012.05.010.
Jiang, Q., Ma, J., Lu, X., & Tian, Y. (2015). An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications,8(6), 1070–1081. https://doi.org/10.1007/s12083-014-0285-z.
Turkanović, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Networks,20, 96–112. https://doi.org/10.1016/j.adhoc.2014.03.009.
Amin, R., & Biswas, G. P. (2016). A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Networks,36, 58–80. https://doi.org/10.1016/j.adhoc.2015.05.020.
Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for IoT and cloud servers. Pervasive and Mobile Computing,24, 210–223. https://doi.org/10.1016/j.pmcj.2015.08.001.
Chang, C. C., Wu, H. L., & Sun, C. Y. (2017). Notes on ‘secure authentication scheme for IoT and cloud servers’. Pervasive and Mobile Computing,38, 275–278. https://doi.org/10.1016/j.pmcj.2015.12.003.
Lee, J. K., Ryu, S. R., & Yoo, K. Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters,38(12), 554–555. https://doi.org/10.1049/el:20020380.
Chang, C. C., & Lin, I. C. (2004). Remarks on fingerprint-based remote user authentication scheme using smart cards. ACM SIGOPS Operating System Review,38(4), 91–96. https://doi.org/10.1145/1031154.1031165.
Das, A. K., & Goswami, A. (2015). A robust anonymous biometric-based remote user authentication scheme using smart cards. King Saud University-Computer and Information Sciences,27(2), 193–210. https://doi.org/10.1016/j.jksuci.2014.03.020.
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems,8(1), 18–36. https://doi.org/10.1145/77648.77649.
Huang, X., Xiang, Y., Chonka, A., Zhou, J., & Deng, R. H. (2011). A generic framework for three-factor authentication: Preserving security and privacy in distributed systems. IEEE Transactions on Parallel and Distributed Systems,22(8), 1390–1397. https://doi.org/10.1109/TPDS.2010.206.
Kothmayr, T., Schmitt, C., Hu, W., Brünig, M., & Carle, G. (2012). A DTLS based end‐to‐end security architecture for the internet of things with two‐way authentication. In Proceedings of 37th conference on local computer networks workshops (pp. 956–963). IEEE. https://doi.org/10.1109/lcnw.2012.6424088.
Jiang, Q., Kumar, N., Ma, J., Shen, J., & He, D. (2016). A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks. Network Management. https://doi.org/10.1002/nem.1937.
Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO’84 on advances in cryptology (Vol. 196, pp. 47–53). Springer. https://doi.org/10.1007/3-540-39568-7_5.
Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In Annual international cryptology conference—CRYPTO 2001 (pp. 213–229). Springer. https://doi.org/10.1007/3-540-44647-8_13.
Gentry, C., Peikert, C., & Vaikuntanathan, V. (2008). Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of 14th ACM annual symposium on theory of computing (pp. 197–206). ACM. https://doi.org/10.1145/1374376.1374407.
Das, M. L., Saxena, A., Gulati, V. P., & Phatak, D. B. (2006). A novel remote user authentication scheme using bilinear pairings. Computers & Security,25(3), 184–189. https://doi.org/10.1016/j.cose.2005.09.002.
Chou, J. S., Chen, Y., & Lin, J. Y. (2005). Improvement of Manik et al.’s remote user authentication scheme. http://eprint.iacr.org/2005/450.pdf.
Goriparthi, T., Das, M.L., Negi, A., & Saxena, A. (2006). Cryptanalysis of recently proposed Remote User Authentication Schemes. Cryptology ePrint Archive. http://eprint.iacr.org/2006/028.pdf.
Fang, G., & Huang, G. (2006). Improvement of recently proposed remote user authentication schemes. Cryptology ePrint Archive. http://eprint.iacr.org/2006/200.pdf.
Vallent, T. F., & Kim, H. (2013). Three factor authentication protocol based on bilinear pairing. In: Multimedia and ubiquitous engineering, Lecture notes in electrical engineering (Vol. 240, pp. 253–259). Springer. https://doi.org/10.1007/978-94-007-6738-6_32.
Hsu, C. L., Chuang, Y. H., & Kuo, C. (2015). A novel remote user authentication scheme from bilinear pairings via internet. Wireless Personal Communications,83(1), 163–174. https://doi.org/10.1007/s11277-015-2386-2.
Luo, M., & Zhao, H. (2015). An authentication and key agreement mechanism for multi-domain wireless networks using certificateless public-key cryptography. Wireless Personal Communications,81(2), 779–798. https://doi.org/10.1007/s11277-014-2157-5.
Tsai, J. L., & Lo, N. W. (2015). Provably secure and efficient anonymous ID-based authentication protocol for mobile devices using bilinear pairings. Wireless Personal Communications,83(2), 1273–1286. https://doi.org/10.1007/s11277-015-2449-4.
Bakhtiari-Chehelcheshmeh, S., & Hosseinzadeh, M. (2017). A new certificateless and secure authentication scheme for ad hoc networks. Wireless Personal Communications,94(4), 2833–2851. https://doi.org/10.1007/s11277-016-3721-y.
Boyen, X. (2003). Multipurpose identity-based signcryption. In Proceedings of 23rd annual international conference on cryptology (CRYPTO’03) (Vol. 2729, pp. 383–399). Springer. https://doi.org/10.1007/978-3-540-45146-4_23.
Barreto, P. S., Libert, B., McCullagh, N., & Quisquater, J. J. (2005). Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. In International conference on the theory and application of cryptology and information security (pp. 515–532). Springer. https://doi.org/10.1007/11593447_28.
Vigano, L. (2006). Automated security protocol analysis with the AVISPA tool. Electronic Notes in Theoretical Computer Science,155, 61–86. https://doi.org/10.1016/j.entcs.2005.11.052.
Barreto, P. S. L. M., Kim, H. Y., Lynn, B., & Scott, M. (2002). Efficient algorithms for pairing-based cryptosystems. In Proceedings of 22nd annual international conference on cryptography (Vol. 2242, pp. 354–369). Springer. https://doi.org/10.1007/3-540-45708-9_23.
Hafizul, S. K., & Biswas, I. G. P. (2015). Design of two-party authenticated key agreement protocol based on ECC and self-certified public keys. Wireless Personal Communications,82(4), 2727–2750. https://doi.org/10.1007/s11277-015-2375-5.
Shim, K. A., Lee, Y. R., & Park, C. M. (2013). EIBAS: An efficient identity-based broadcast authentication scheme in wireless sensor networks. Ad Hoc Networks,11(1), 182–189. https://doi.org/10.1016/j.adhoc.2012.04.015.
Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory,29(2), 198–208. https://doi.org/10.1109/TIT.1983.1056650.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Nikravan, M., Reza, A. A Multi-factor User Authentication and Key Agreement Protocol Based on Bilinear Pairing for the Internet of Things. Wireless Pers Commun 111, 463–494 (2020). https://doi.org/10.1007/s11277-019-06869-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-019-06869-y