Skip to main content
SpringerLink
Log in

An Efficient Privacy-Preserving ID Centric Authentication in IoT Based Cloud Servers for Sustainable Smart Cities

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Smart cities or Smart societies require Internet of Things (IoT), for connecting numerous devices to enormous asset pools in cloud computing. This coordination of embedded tools plus cloud servers conveys the extensive applicability of IoT in Smart Cities. However, authentication and data protection, play a major job in secure coordination of these two technologies. Considering this, in 2017, Chang et al.s system introduced famous verification system dependent on an elliptic curve cryptography (ECC) for IoT plus cloud servers for Smart Cities and guaranteed that it fulfills need of security protocols and is safe to different sorts of assaults. Nevertheless, in this paper, we demonstrate that Chang et.al. system is defenseless to a privileged insider intrusion, server impersonation intrusion, known session-specific information intrusion and offline password guessing intrusion. In addition, it does not accomplish device anonymity and mutual authentication. Considering this weakness of existing system, we propose an authentication system dependent on ECC for IoT and cloud servers in Smart Cities. The suggested system accomplishes mutual authentication and supports fundamental safety necessities. The informal security examination, performance analysis and contrast of the suggested system with existing systems prove that the suggested method is powerful, effective and stout as a counter to manifold security threats faced by Smart Cities. The formal confirmation of the suggested procedure is performed by AVISPA tools, which affirms its safety strength within the sight of a conceivable invader.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Liu, J., Ren, A., Zhang, L., Sun, R., Du, X. & Guizani, M. (2019). A Novel Secure Authentication Scheme for Heterogeneous Internet of Things, in: ICC 2019-2019 IEEE International Conference on Communications (ICC), Organization, IEEE, pp. 1–6.

  2. Amin, R., Kumar, N., Biswas, G., Iqbal, R., & Chang, V. (2018). A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment. Elsevier, 78, 1005–1019.

    Google Scholar 

  3. Roy, S., Chatterjee, S., Das, A. K., Chattopadhyay, S., Kumari, S., & Jo, M. (2017). Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing Internet of Things. IEEE Internet of Things Journal, 5(4), 2884–2895.

    Article  Google Scholar 

  4. Yang, Y., Wu, L., Yin, G., Li, L., & Zhao, H. (2017). A survey on security and privacy issues in internet-of-things. IEEE Internet of Things Journal, 4(5), 1250–1258.

    Article  Google Scholar 

  5. Mahmood, Z., Ning, H., Ullah, A., & Yao, X. (2017). Secure authentication and prescription safety protocol for telecare health services using ubiquitous IoT. Applied Sciences, 7(10), 1069.

    Article  Google Scholar 

  6. Yao, X., Chen, Z., & Tian, Y. (2015). A lightweight attribute-based encryption scheme for the Internet of Things. Future Generation Computer Systems, 49, 104–112.

    Article  Google Scholar 

  7. Moosavi, S. R., Nigussie, E., Virtanen, S. & Isoaho, J. (2014). An Elliptic Curve-based Mutual Authentication Scheme for RFID Implant Systems., in: ANT/SEIT, 1, pp. 98–206.

  8. Debiao, H., Jianhua, C., & Jin, H. (2012). An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Information Fusion, 13(3), 223–230.

    Article  Google Scholar 

  9. Liao, Y.-P., & Hsiao, C.-M. (2014). A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Networks, 18, 133–146.

    Article  Google Scholar 

  10. Turkanović, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Networks, 20, 96–112.

    Article  Google Scholar 

  11. Farash, M. S., Turkanović, M., Kumari, S., & Hölbl, M. (2016). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Networks, 36, 152–176.

    Article  Google Scholar 

  12. Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for IoT and cloud servers. Pervasive and Mobile Computing, 24, 210–223.

    Article  Google Scholar 

  13. Chang, C.-C., Wu, H.-L., & Sun, C.-Y. (2017). Notes on Secure authentication scheme for IoT and cloud servers. Pervasive and Mobile Computing, 38, 275–278.

    Article  Google Scholar 

  14. Von Oheimb, D. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM 2005 workshop, (pp. 1–17).

  15. Abadi, M., Blanchet, B., & Comon-Lundh, H. (2009). Models and proofs of protocol security: A progress report. International Conference on Computer Aided Verification, Springer, (pp. 35–49).

  16. Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., & Khan, M. K. (2015). An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks, 8(18), 3782–3795.

    Article  Google Scholar 

  17. Maitra, T., Obaidat, M. S., Amin, R., Islam, S. H., Chaudhry, S. A., & Giri, D. (2017). A robust ElGamal-based password-authentication protocol using smart card for client-server communication. International Journal of Communication Systems, 30(11), e3242.

    Article  Google Scholar 

  18. Dhillon, P. K., & Kalra, S. (2018). Multi-factor user authentication scheme for IoT-based healthcare services. Journal of Reliable Intelligent Environments, 4(3), 141–160.

    Article  Google Scholar 

  19. Xue, K., Hong, P., & Ma, C. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.

    Article  MathSciNet  Google Scholar 

  20. Feng, Y., Wang, W., Weng, Y. & Zhang, H. (2017) A replay-attack resistant authentication scheme for the internet of things. in 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), vol. 1, IEEE, (pp. 541–547).

  21. Nikooghadam, M., Jahantigh, R., & Arshad, H. (2017). A lightweight authentication and key agreement protocol preserving user anonymity. Multimedia Tools and Applications, 76(11), 13401–13423.

    Article  Google Scholar 

  22. Kumari, S., Khan, M. K., & Li, X. (2014). An improved remote user authentication scheme with key agreement. Computers & Electrical Engineering, 40(6), 1997–2012.

    Article  Google Scholar 

  23. Alkuhlani, A. M. I., & Thorat, S. (2017). Lightweight anonymity-preserving authentication and key agreement protocol for the internet of things environment. International Conference on Intelligent Information Technologies, Springer, (pp. 108–125).

  24. He, D., & Zeadally, S. (2014). An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal, 2(1), 72–83.

    Article  Google Scholar 

  25. Kalra, S., & Sood, S. K. (2011). Elliptic curve cryptography: survey and its security applications. In Proceedings of the International Conference on Advances in Computing and Artificial. Intelligence, (pp. 102–106).

  26. Wu, S.-T., Chiu, J.-H. & Chieu, B.-C. (2005). ID-based remote authentication with smart cards on open distributed system from elliptic curve cryptography. In textit2005 IEEE International Conference on Electro Information Technology, IEEE,(vol. 5).

  27. Tian, X., Wong, D. S., & Zhu, R. W. (2005). Analysis and improvement of an authenticated key exchange protocol for sensor networks. IEEE Communications Letters, 9(11), 970–972.

    Article  Google Scholar 

  28. Abi-Char, P. E., Mhamed, A. & Bachar, E.-H. (2007). A fast and secure elliptic curve based authenticated key agreement protocol for low power mobile communications. In The 2007 International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST 2007), IEEE, (pp. 235–240).

  29. Yang, J.-H., & Chang, C.-C. (2009). An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers & Security, 28(3–4), 138–143.

    Article  Google Scholar 

  30. Islam, S. H., & Biswas, G. (2011). A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software, 84(11), 1892–1898.

    Article  Google Scholar 

  31. Ray, S. & Biswas, G. (2012). Establishment of ECC-based initial secrecy usable for IKE implementation. In Proceedings of the World Congress on Engineering, (vol. 1).

  32. Granjal, J., Monteiro, E. & Silva, J. S. (2013). End-to-end transport-layer security for Internet-integrated sensing applications with mutual and delegated ECC public-key authentication. In 2013 IFIP Networking Conference, IEEE, (pp. 1–9).

  33. Jiang, R., Lai, C., Luo, J., Wang, X., & Wang, H. (2013). EAP-based group authentication and key agreement protocol for machine-type communications. International Journal of Distributed Sensor Networks, 9(11), 304601.

    Article  Google Scholar 

  34. Hankerson, D., Menezes, A. J., & Vanstone, S. (2006). Guide to elliptic curve cryptography. Berlin: Springer.

    MATH  Google Scholar 

  35. Li, X., Niu, J., Kumari, S., Liao, J., Liang, W., & Khan, M. K. (2016). A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity. Security and Communication Networks, 9(15), 2643–2655.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, NIT, Patna, Bihar, India

    Ajay Kumar & Kumar Abhishek

  2. School of Information Engineering, Yangzhou University, Yangzhou, China

    Xuan Liu

  3. Department of Computer Science and Engineering, Sri Eshwar College of Engineering, Coimbatore, TamilNadu, India

    Anandakumar Haldorai

Authors
  1. Ajay Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kumar Abhishek
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xuan Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Anandakumar Haldorai
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ajay Kumar.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kumar, A., Abhishek, K., Liu, X. et al. An Efficient Privacy-Preserving ID Centric Authentication in IoT Based Cloud Servers for Sustainable Smart Cities. Wireless Pers Commun 117, 3229–3253 (2021). https://doi.org/10.1007/s11277-020-07979-8

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-020-07979-8

Keywords

Search

Navigation