Abstract
With the ongoing revolution of Internet-enabled devices, Internet of Things (IoT) has emerged as the most popular networking paradigm. The enormous amount of data generated from smart devices in IoT environment is one of the biggest concerns. Cloud computing has emerged as a key technology to process the generated data. The confidential data of user from IoT devices is stored in cloud server and the remote user can access this data anytime, anywhere and at any place from the cloud server. This makes remote user authentication a critical issue. This paper proposes a lightweight remote user authentication scheme for cloud-IoT applications. The formal security analysis using BAN logic and random oracle model confirms that the scheme is resilient to known security attacks. Furthermore, the scheme is formally verified using AVISPA tool which confirms the security against multiple security attacks.
Similar content being viewed by others
References
An YH (2013) Security improvements of dynamic id-based remote user authentication scheme with session key agreement. In: 15th international conference on advanced communication technology (ICACT) pp 1072–1076
Armando A, Basin D, Cuellar J, Rusinowitch M, Viganò L (2006) Avispa: automated validation of internet security protocols and applications. ERCIM News 64
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond A 426(1871):233–271. https://doi.org/10.1098/rspa.1989.0125
Chandrakar P, Om H (2017) Cryptanalysis and security enhancement of three-factor remote user authentication scheme for multi-server environment. Int J Bus Data Commun Netw 13(1):85–101. https://doi.org/10.4018/IJBDCN.2017010108
Chandrakar P, Om H (2018) An efficient two-factor remote user authentication and session key agreement scheme using rabin cryptosystem. Arab J Sci Eng 43(2):661–673. https://doi.org/10.1007/s13369-017-2709-6
Chang YF, Tai WL, Chang HC (2014) Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst 27(11):3430–3440. https://doi.org/10.1002/dac.2552
Chang V, Kuo YH, Ramachandran M (2016) Cloud computing adoption framework: a security framework for business clouds. Future Gener Comput Syst 57:24–41. https://doi.org/10.1016/j.future.2015.09.031
Chaturvedi A, Mishra D, Jangirala S, Mukhopadhyay S (2017) A privacy preserving biometric-based three-factor remote user authenticated key agreement scheme. J Inf Secur Appl 32:15–26. https://doi.org/10.1016/j.jisa.2016.11.002
Chen TH, Hsiang HC, Shih WK (2011) Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Gener Comput Syst 27(4):377–380. https://doi.org/10.1016/j.future.2010.08.007
Chen BL, Kuo WC, Wuu LC (2014) Robust smart-card-based remote user password authentication scheme. Int J Commun Syst 27(2):377–389. https://doi.org/10.1002/dac.2368
Chen Y, Chou JS, Liao IC (2016) Improved on an improved remote user authentication scheme with key agreement. IACR Cryptol ePrint Arch. https://doi.org/10.1155/2017/1619741
Chien HY, Jan JK, Tseng YM (2002) An efficient and practical solution to remote authentication: smart card. Comput Secur 21(4):372–375. https://doi.org/10.1016/S0167-4048(02)00415-7
Chung HR, Ku WC, Tsaur MJ (2009) Weaknesses and improvement of Wang et al.’s remote user password authentication scheme for resource-limited environments. Comput Stand Interfaces 31(4):863–868. https://doi.org/10.1016/j.csi.2008.09.020
Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208. https://doi.org/10.1109/TIT.1983.1056650
Duan Q, Yan Y, Vasilakos AV (2012) A survey on service-oriented network virtualization toward convergence of networking and cloud computing. IEEE Trans Netw Serv Manag 9(4):373–392. https://doi.org/10.1109/TNSM.2012.113012.120310
Ham HS, Kim HH, Kim MS, Choi MJ (2014) Linear SVM-based android malware detection for reliable IoT services. J Appl Math. https://doi.org/10.1155/2014/594501
Hao F, Min G, Chen J, Wang F, Lin M, Luo C, Yang LT (2014) An optimized computational model for multi-community-cloud social collaboration. IEEE Trans Serv Comput 7(3):346–358. https://doi.org/10.1109/TSC.2014.2304728
Irshad A, Sher M, Ashraf S, Faisal S, Hassan M (2015) Cryptanalysis for secure and efficient smart-card-based remote user authentication scheme for multi-server environment. IACR Cryptology ePrint Archive 686
Jaspher G, Katherine W, Kirubakaran E, Prakash P (2012) Smart card based remote user authentication schemes—survey. In: Third international conference on computing communication & networking technologies (ICCCNT) pp 1–5. https://doi.org/10.1109/ICCCNT.2012.6395882
Jiang Q, Ma J, Li G, Li X (2015) Improvement of robust smart-card-based password authentication scheme. Int J Commun Syst 28(2):383–393. https://doi.org/10.1002/dac.2644
Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mob Comput 24:210–223. https://doi.org/10.1016/j.pmcj.2015.08.001
Ku WC, Chen SM (2004) Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(1):204–207. https://doi.org/10.1109/TCE.2004.1277863
Kumari S, Khan MK, Li X (2014) An improved remote user authentication scheme with key agreement. Comput Electr Eng 40(6):1997–2012. https://doi.org/10.1016/j.compeleceng.2014.05.007
Lee NY, Chiu YC (2005) Improved remote authentication scheme with smart card. Comput Stand Interfaces 27(2):177–180. https://doi.org/10.1016/j.csi.2004.06.001
Lee CC, Li LH, Hwang MS (2002) A remote user authentication scheme using hash functions. ACM SIGOPS Oper Syst Rev 36(4):23–29. https://doi.org/10.1145/583800.583803
Lee SW, Kim HS, Yoo KY (2005) Improvement of Chien et al.’s remote user authentication scheme using smart cards. Comput Stand Interfaces 27(2):181–183. https://doi.org/10.1016/j.csi.2004.02.002
Li X, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371. https://doi.org/10.1016/j.jnca.2013.02.034
Limbasiya T, Soni M, Mishra SK (2018) Advanced formal authentication protocol using smart cards for network applicants. Comput Electr Eng 66:50–63. https://doi.org/10.1016/j.compeleceng.2017.12.045
Nguyen NT, Le HD, Chang CC (2016) Provably secure and efficient three-factor authenticated key agreement scheme with untraceability. Int J Netw Secur 18(2):335–344
Nikooghadam M, Jahantigh R, Arshad H (2017) A lightweight authentication and key agreement protocol preserving user anonymity. Multimed Tools Appl 76(11):13401–13423. https://doi.org/10.1007/s11042-016-3704-8
Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inf Sci 269:270–285. https://doi.org/10.1016/j.ins.2013.10.022
Sharma G, Kalra S (2018a) Advanced multi-factor user authentication scheme for E-governance applications in smart cities. Int J Comput Appl. https://doi.org/10.1080/1206212X.2018.1445352
Sharma G, Kalra S (2018b) Identity based secure authentication scheme based on quantum key distribution for cloud computing. Peer-to-Peer Netw Appl 11(2):220–234. https://doi.org/10.1007/s12083-016-0528-2
Shunmuganathan S, Saravanan RD, Palanichamy Y (2015) Secure and efficient smart-card-based remote user authentication scheme for multiserver environment. Can J Electr Comput Eng 38(1):20–30. https://doi.org/10.1109/CJECE.2014.2344447
Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Security, privacy and trust in internet of things: the road ahead. Comput Netw 76:146–164. https://doi.org/10.1016/j.comnet.2014.11.008
Singh D, Tripathi G, Jara AJ (2014) A survey of internet-of-things future vision, architecture, challenges and services. In: IEEE world forum on internet of things (WF-IoT) pp 287–292. https://doi.org/10.1109/WF-IoT.2014.6803174
Song R (2010) Advanced smart card based password authentication protocol. Comput Stand Interfaces 32(5):321–325. https://doi.org/10.1016/j.csi.2010.03.008
Sood SK, Sarje AK, Singh K (2010) An improvement of Xu et al.’s authentication scheme using smart cards. In: Proceedings of the third annual ACM Bangalore conference p 15. https://doi.org/10.1145/1754288.1754303
Sutrala AK, Das AK, Odelu V, Wazid M, Kumari S (2016) Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Comput Methods Programs Biomed 135:167–185. https://doi.org/10.1016/j.cmpb.2016.07.028
Teh TY, Lee YS, Cheah ZY, Chin JJ (2017) IBI-mobile authentication: a prototype to facilitate access control using identity-based identification on mobile smart devices. Wirel Pers Commun 94(1):127–144. https://doi.org/10.1007/s11277-016-3320-y
Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: current status and key issues. IJ Netw Secur 3(2):101–115
Wang XM, Zhang WF, Zhang JS, Khan MK (2007) Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput Stand Interfaces 29(5):507–512. https://doi.org/10.1016/j.csi.2006.11.005
Wang XA, Ma J, Yang X (2015) A new proxy re-encryption scheme for protecting critical information systems. J Ambient Intell Humaniz Comput 6(6):699–711. https://doi.org/10.1007/s12652-015-0261-3
Wang XA, Ma J, Xhafa F, Zhang M, Luo X (2017) Cost-effective secure E-health cloud system using identity based cryptographic techniques. Future Gener Comput Syst 67:242–254. https://doi.org/10.1016/j.future.2016.08.008
Wang XA, Liu Y, Zhang J, Yang X, Zhang M (2018) Improved group-oriented proofs of cloud storage in IoT setting. Concurr Comput Pract Exp 30(21):e4781. https://doi.org/10.1002/cpe.4781
Wei J, Liu W, Hu X (2016) Secure and efficient smart card based remote user password authentication scheme. Int J Netw Secur 18(4):782–792
Xu J, Zhu WT, Feng DG (2009) An improved smart card based password authentication scheme with provable security. Comput Stand Interfaces 31(4):723–728. https://doi.org/10.1016/j.csi.2008.09.006
Yan Z, Zhang P, Vasilakos AV (2014) A survey on trust management for internet of things. J Netw Comput Appl 42:120–134. https://doi.org/10.1016/j.jnca.2014.01.014
Yoon EJ, Ryu EK, Yoo KY (2004) Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(2):612–614. https://doi.org/10.1109/TCE.2004.1309437
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Sharma, G., Kalra, S. Advanced lightweight multi-factor remote user authentication scheme for cloud-IoT applications. J Ambient Intell Human Comput 11, 1771–1794 (2020). https://doi.org/10.1007/s12652-019-01225-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-019-01225-1