Abstract
In 2019, Banerjee et al. (IEEE Int Things J 6(5):8739–8752, 2019; https://doi.org/10.1109/JIOT.2019.2931372) proposed an authenticated key agreement scheme to facilitate the session establishment resulting into a session key between a user and a smart device for IoT based networks. As per their claim, the scheme of Banerjee et al. provides known security features and resist all known attacks using only lightweight symmetric key primitives. The analysis in this paper; however, shows that the scheme of Banerjee et al. cannot complete normally. The user in their scheme, after sending a request message may never receive the response from smart device. This incorrectness results into total in applicability of Banerjee et al.’s scheme. Moreover, it is also shown that their scheme has weaknesses against stolen verifier attack. Then an improved lightweight authentication scheme for IoT deployments (ILAS-IoT) is proposed in this article. ILAS-IoT performs the process correctly by increasing very little computation and communication overheads. The proposed ILAS-IoT also resists stolen verifier and all known attacks, which is evident from the formal and informal security analysis.
Similar content being viewed by others
References
Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: International Workshop on Public Key Cryptography. Springer, Berlin, pp 65–84
Alamer A (2020) An efficient group signcryption scheme supporting batch verification for securing transmitted data in the internet of things. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02076-x
Ali Z, Chaudhry SA, Ramzan MS, Al-Turjman F (2020) Securing smart city surveillance: a lightweight authentication mechanism for unmanned vehicles. IEEE Access. https://doi.org/10.1109/ACCESS.2020.2977817
Amin R, Kumar N, Biswas G, Iqbal R, Chang V (2018) A light weight authentication protocol for iot-enabled devices in distributed cloud computing environment. Future Gener Comput Syst 78:1005–1019
Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805
Banerjee S, Odelu V, Kumar DA (2019) A provably secure and lightweight anonymous user authenticated session key exchange scheme for internet of things deployment. IEEE Int Things J 6(5):8739–8752
Campioni F, Choudhury S, Al-Turjman F (2019) Scheduling rfid networks in the iot and smart health era. J Ambient Intell Human Comput 10(10):4043–4057
Challa S, Das AK, Gope EA (2018) Design and analysis of authenticated key agreement scheme in cloud-assisted cyber–physical systems. Future Gener Comput Syst 108:1267–1286
Chang CC, Le HD (2015) A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366
Chaudhry SA, Shon T, Al-Turjman F, Alsharif MH (2020) Correcting design flaws: an improved and cloud assisted key agreement scheme in cyber physical systems. Comput Commun 153:527–537. https://doi.org/10.1016/j.comcom.2020.02.025
Chen M, Miao Y, Jian X, Wang X, Humar I (2018) Cognitive-lpwan: towards intelligent wireless services in hybrid low power wide area networks. IEEE Trans Green Commun Netw 3(2):409–417
Chen M, Hao Y, Gharavi H, Leung V (2019a) Cognitive information measurements: a new perspective. Inf Sci 505:487–497
Chen M, Hao Y, Gharavi H, Leung V (2019b) Label-less learning for emotion cognition. IEEE Trans Neural Netw Learn Syst 31(7):2430–2440
Chen M, Jiang Y, Cao Y, Zomaya AY (2019c) CreativeBioMan: a brain- and body-wearable, computing-based, creative gaming system. IEEE Syst Man Cybernetics Magazine 6(1):14–22. https://doi.org/10.1109/MSMC.2019.2929312
Chen M, Jiang Y, Guizani N, Zhou J, Tao G, Yin J, Hwang K (2020) Living with i-fabric: smart living powered by intelligent fabric and deep analytics. IEEE Netw 1–8
Das AK, Kumari S, Odelu V, Li X, Wu F, Huang X (2016) Provably secure user authentication and key agreement scheme for wireless sensor networks. Secur Commun Netw 9(16):3670–3687
Dhillon PK, Kalra S (2017) Secure multi-factor remote user authentication scheme for internet of things environments. Int J Commun Syst 30(16):e3323
Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208
Ferrag MA, Maglaras LA, Janicke H, Jiang J, Shu L (2017) Authentication protocols for internet of things: a comprehensive survey. Secur Commun Netw 2017, Article ID 6562953
Ghani A, Mansoor K, Mehmood S et al (2019) Security and key management in iot based wireless sensor networks: an authentication protocol using symmetric key. Int J Commun Syst 32:16. https://doi.org/10.1002/dac.4139
Granjal J, Monteiro E, Silva JS (2015) Security for the internet of things: a survey of existing protocols and open research issues. IEEE Commun Surv Tutorials 17(3):1294–1312
Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of things (iot): a vision, architectural elements, and future directions. Future Gener Comput Syst 29(7):1645–1660
Hao Y, Chen M, Cao D, Zhao W, Smeliansky R (2020) Cognitive-caching: cognitive wireless mobile caching by learning fine-grained caching-aware indicators. IEEE Wirel Commun 27(1):100–106
Hassan MU, Chaudhry SA, Irshad A et al (2020) An improved sip authenticated key agreement based on dongqing. Wirel Pers Commun 110(4):2087–2107
He D, Kumar N, Khan MK, Lee JH (2013) Anonymous two-factor authentication for consumer roaming service in global mobility networks. IEEE Trans Consum Electron 59(4):811–817
He D, Kumar N, Chen J, Lee CC, Chilamkurti N, Yeo SS (2015) Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Syst 21(1):49–60
He D, Kumar N, Wang H, Wang L, Choo KR, Vinel A (2018) A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network. IEEE Trans Dependable Secure Comput 15(4):633–645
Hsu HH, Chen BK, Lin CY, Barolli L, Takizawa M (2011) Danger warning via fuzzy inference in an rfid-deployed environment. J Ambient Intell Human Comput 2(4):285–292
Hussain S, Chaudhry SA (2019) Comments on “biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment”. IEEE Internet Things J 6(6):10936–10940. https://doi.org/10.1109/JIOT.2019.2934947
Irshad A, Usman M, Ashraf Chaudhry S, Naqvi H, Shafiq M (2020) A provably secure and efficient authenticated key agreement scheme for energy internet based vehicle-to-grid technology framework. IEEE Trans Indust Appl. https://doi.org/10.1109/TIA.2020.2966160
Jiang Q, Ma J, Li G, Yang L (2014) An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wirel Pers Commun 77(2):1489–1506
Jie Y, Pei JY, Jun L, Yun G, Wei X (2013) Smart home system based on iot technologies. In: 2013 International Conference on Computational and Information Sciences, IEEE, pp 1789–1791
Karthika P, Vidhya Saraswathi P (2020) Iot using machine learning security enhancement in video steganography allocation for raspberry pi. J Ambient Intell Humaniz Comput
Khalil N, Abid MR, Benhaddou D, Gerndt M (2014) Wireless sensors networks for internet of things. In: 2014 IEEE ninth international conference on Intelligent sensors, sensor networks and information processing (ISSNIP), IEEE, pp 1–6
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Wiener M (ed) Advances in cryptology – CRYPTO’ 99. Springer, Heidelberg, pp 388–397
Li CT, Wu TY, Chen CL, Lee CC, Chen CM (2017) An efficient user authentication and user anonymity scheme with provably security for iot-based medical care system. Sensors 17(7):1482
Li CT, Lee CC, Weng CY, Chen CM (2018a) Towards secure authenticating of cache in the reader for rfid-based iot systems. Peer-to-Peer Netw Appl 11(1):198–208
Li X, Niu J, Kumari S, Wu F, Sangaiah AK, Choo KKR (2018b) A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J Netw Comput Appl 103:194–204
Li W, Xuelian L, Gao J, Wang HY (2019) Design of secure authenticated key management protocol for cloud computing environments. IEEE Trans Depend Secure Comput. https://doi.org/10.1109/TDSC.2019.2909890
Lu H, Zhang Y, Li Y, Jiang C, Abbas H (2020) User-oriented virtual mobile network resource management for vehicle communications. IEEE Trans Intell Trans Syst. https://doi.org/10.1109/TITS.2020.2991766
Mahmood K, Arshad J, Chaudhry SA, Kumari S (2019) An enhanced anonymous identity-based key agreement protocol for smart grid advanced metering infrastructure. Int J Commun Syst 32:16
Makhdoom I, Abolhasan M, Lipman J (2018) Anatomy of threats to the internet of things. IEEE Commun Surv Tutorials 21(2):1636–1675
Mansoor K, Ghani A, Chaudhry SA, Shamshirband S, Ghayyur SAK (2019) Securing iot based rfid systems: a robust authentication protocol using symmetric cryptography. Sensors 19:21. https://doi.org/10.3390/s19214752
Mathapati M, Kumaran TS et al (2020) Secure routing scheme with multi-dimensional trust evaluation for wireless sensor network. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02169-7
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Mishra M, Choudhury P, Pati B (2020) Modified ride-nn optimizer for the iot based plant disease detection. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02051-6
Mukherjee A, Ghosh S, Behere A, Ghosh SK, Buyya R (2020) Internet of health things (ioht) for personalized health care using integrated edge-fog-cloud network. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02113-9
Porambage P, Schmitt C, Kumar Pea (2014) Two-phase authentication protocol for wireless sensor networks in distributed iot applications. In: 2014 IEEE Wireless Communications and Networking Conference (WCNC), IEEE, pp 2728–2733
Selvakanmani S, Sumathi M (2020) Fuzzy assisted fog and cloud computing with miot system for performance analysis of health surveillance system. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02156-y
Shakshuki EM, Malik H, Yasar AUH (2020) Special issue on ubiquitous computing in the iot revolution. J Ambient Intell Human Comput 11(6):2203–2204
Syverson P, Cervesato I (2000) The logic of authentication protocols. In: International school on foundations of security analysis and design. Springer, Berlin, pp 63–137
Thyagarajan J, Kulanthaivelu S (2020) A joint hybrid corona based opportunistic routing design with quasi mobile sink for iot based wireless sensor network. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02116-6
Turkanović M, Brumen B, Hölbl M (2014) A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw 20:96–112
Wang D, Cheng H, Wang P, Huang X, Jian G (2017) Zipf’s law in passwords. IEEE Trans Inf Forensics Secur 12(11):2776–2791
Wu F, Xu L, Kumari S, Li X, Das AK, Shen J (2018) A lightweight and anonymous rfid tag authentication protocol with cloud assistance for e-healthcare applications. J Ambient Intell Human Comput 9(4):919–930
Zahra SR, Chishti MA (2020) Fuzzy logic and fog based secure architecture for internet of things (flfsiot). J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02128-2
Zhang P, Lin C, Jiang Y, Fan Y, Shen X (2013) A lightweight encryption scheme for network-coded mobile ad hoc networks. IEEE Trans Parallel Distrib Syst 25(9):2211–2221
Zhang Y, Li Y, Wang R, Hossain MS, Lu H (2020) Multi-aspect aware session-based recommendation for intelligent transportation services. IEEE Trans Intell Transp Syst. https://doi.org/10.1109/TITS.2020.2990214
Zhou Z, Wang P, Li Z (2019) A quadratic residue-based rfid authentication protocol with enhanced security for tmis. J Ambient Intell Human Comput 10(9):3603–3615
Acknowledgements
This Project was funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant no. RG-7-611-40. The authors, therefore, acknowledge with thanks DSR for technical and financial support.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Alzahrani, B.A., Chaudhry, S.A., Barnawi, A. et al. ILAS-IoT: An improved and lightweight authentication scheme for IoT deployment. J Ambient Intell Human Comput 13, 5123–5135 (2022). https://doi.org/10.1007/s12652-020-02349-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-020-02349-5