LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment
Introduction
Information and Communications Technology (ICT) has given rise to a new kind of communication environment, the Internet of Things (IoT). In the IoT, physical objects (smart devices) are interconnected to collect and exchange data over the Internet. IoT applications include smart traffic monitoring, smart homes, wearable devices, industrial systems, and smart cities. In a cloud-based IoT environment, a cloud platform is used to store the data produced by the IoT sensors. Such an environment is highly scalable and supports real-time event processing, which matters in critical scenarios such as sensor-based surveillance and monitoring. As a result, IoT-based applications have become an essential part of day-to-day life.
In IoT-based critical applications, real-time data must be accessible as and when it is required. This is possible when authorized external parties (users) are permitted to access real-time data directly from the IoT sensors deployed in the network. Once a user and the accessed IoT sensor have mutually authenticated each other, they need to establish a session key; with that key they can communicate securely for real-time data access. For this purpose, we propose a new lightweight authentication mechanism for the cloud-based IoT environment, called LAM-CIoT. Using LAM-CIoT, an authenticated user can access the data of IoT sensors remotely and directly.
Although IoT-based applications make people's day-to-day life easier, the IoT environment is vulnerable to various security and privacy issues, such as leakage of confidential information and attacks including replay, man-in-the-middle, impersonation and denial-of-service attacks. Under such attacks, remote malicious users can perform unauthorized actions, which can endanger the people who rely on IoT-based applications in their day-to-day life. Furthermore, some of the devices used in the IoT environment (the IoT sensors) are resource constrained, so lightweight security schemes are needed to secure the communication among the participating entities. In IoT-based critical applications, such as healthcare and the battlefield, an external party (called a user) wants to access real-time data from designated IoT sensors, because the data available at the gateway nodes (GW) may not be live: the gateway collects it only at periodic intervals. This is possible when the user and the IoT sensor can mutually authenticate each other and, upon successful authentication, generate a secure session key for their subsequent communication. In addition, the session key must be constructed so that even if the short-term secrets (e.g., the random nonces) are disclosed to an adversary, this must not lead to the compromise of past or future session keys established between the user and the IoT device. In other words, session key security must be guaranteed by any user authentication protocol designed for the IoT environment.
To address this issue, we aim to design a secure and lightweight authentication scheme for the cloud-based IoT environment in which a legitimate user and an IoT sensor authenticate each other and then communicate securely using the established session key.
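The session key requirement stated above (leakage of the short-term random secrets must not expose the session key) can be met with nothing more than a hash function and XOR. The following is an added, constructed example and is not the LAM-CIoT message flow itself: it assumes that the user U_i and the sensor S_j already share a 32-byte long-term secret K_ij (for instance set up through the gateway at registration), that their clocks are loosely synchronised, and that a message older than DELTA_T seconds is treated as a replay. All message names (M1, A1, M2, A2) and the derivation h(r_u || r_s || K_ij) are choices made for this example.

```python
import hashlib
import hmac

# Constructed example, not the paper's protocol. Assumed: U_i and S_j share
# a 32-byte long-term secret K_ij, clocks are loosely synchronised, and a
# timestamp more than DELTA_T seconds away from "now" is rejected as a replay.
DELTA_T = 5


def h(*parts: bytes) -> bytes:
    """One-way hash over the concatenation of its arguments (SHA-256)."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def fresh(ts: int, now: int) -> bool:
    return abs(now - ts) <= DELTA_T


def session_key(r_u: bytes, r_s: bytes, k_ij: bytes) -> bytes:
    """Hardened derivation: both short-term secrets and the long-term secret."""
    return h(r_u, r_s, k_ij)


def weak_session_key(r_u: bytes, r_s: bytes) -> bytes:
    """Derivation from the short-term secrets alone, shown only for contrast."""
    return h(r_u, r_s)


def user_request(k_ij: bytes, r_u: bytes, ts1: int):
    """U_i -> S_j: {M1, A1, TS1}. r_u travels masked by a hash of K_ij and TS1."""
    ts1b = ts1.to_bytes(8, "big")
    return (xor(r_u, h(k_ij, ts1b)), h(r_u, k_ij, ts1b), ts1)


def sensor_response(k_ij: bytes, msg1, r_s: bytes, now: int):
    """S_j checks freshness and A1, recovers r_u, answers {M2, A2, TS2} and
    derives the session key. Returns (None, None) on any failure."""
    m1, a1, ts1 = msg1
    if not fresh(ts1, now):
        return None, None                      # stale or replayed request
    ts1b = ts1.to_bytes(8, "big")
    r_u = xor(m1, h(k_ij, ts1b))
    if not hmac.compare_digest(a1, h(r_u, k_ij, ts1b)):
        return None, None                      # wrong K_ij or tampered M1/A1
    ts2b = now.to_bytes(8, "big")
    msg2 = (xor(r_s, h(k_ij, r_u, ts2b)), h(r_s, r_u, k_ij, ts2b), now)
    return msg2, session_key(r_u, r_s, k_ij)


def user_finish(k_ij: bytes, r_u: bytes, msg2, now: int):
    """U_i checks freshness and A2, recovers r_s and derives the same key."""
    m2, a2, ts2 = msg2
    if not fresh(ts2, now):
        return None
    ts2b = ts2.to_bytes(8, "big")
    r_s = xor(m2, h(k_ij, r_u, ts2b))
    if not hmac.compare_digest(a2, h(r_s, r_u, k_ij, ts2b)):
        return None
    return session_key(r_u, r_s, k_ij)


def attacker_with_ephemerals(r_u: bytes, r_s: bytes) -> bytes:
    """ESL adversary: holds the transcript plus both nonces but not K_ij.
    Everything it can compute is independent of K_ij, e.g. h(r_u || r_s)."""
    return weak_session_key(r_u, r_s)


def attacker_with_long_term_key(k_ij: bytes, msg1, msg2) -> bytes:
    """Adversary holding K_ij and the transcript unmasks both nonces and
    recomputes the key: a hash/XOR-only design resists nonce leakage but
    does not give forward secrecy against long-term key compromise."""
    m1, _, ts1 = msg1
    m2, _, ts2 = msg2
    r_u = xor(m1, h(k_ij, ts1.to_bytes(8, "big")))
    r_s = xor(m2, h(k_ij, r_u, ts2.to_bytes(8, "big")))
    return session_key(r_u, r_s, k_ij)
```

The two attacker functions make the boundary explicit: with the nonces leaked the adversary can rebuild `weak_session_key` but not `session_key`, which is exactly the property the requirement asks for; with K_ij leaked the whole transcript unmasks, so a design that needs resistance to long-term key compromise as well has to add something beyond hash and XOR.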
The contributions of the proposed work are given below.
- We propose a new lightweight user authentication and key agreement protocol for the cloud-based IoT environment, called LAM-CIoT. LAM-CIoT uses only efficient and lightweight cryptographic hash functions and bitwise XOR operations. Apart from these operations, the fuzzy extractor method is applied only at the user's end, for local biometric verification during the login phase, as discussed in Section 4.3.
- The "formal security analysis using the ROR model" (Abdalla et al., 2005) and the "formal security verification using the AVISPA tool" (AVISPA, 2017a) are carried out for LAM-CIoT. An informal security analysis is also provided to show the resilience of LAM-CIoT against other possible attacks.
- We also provide a comparative study of LAM-CIoT with closely related existing schemes. LAM-CIoT offers a better trade-off between "security and functionality features" and "communication and computation costs" than the related schemes.
- Finally, as a practical demonstration, we use the NS-2 simulator to measure the impact of LAM-CIoT on network performance parameters. This analysis shows how the network behaves when LAM-CIoT is deployed.
The network and threat models associated with LAM-CIoT are explained in Section 2. A survey of related existing protocols is provided in Section 3. Section 4 gives the details of the various phases of LAM-CIoT. The detailed informal and formal security analysis of LAM-CIoT, along with the "formal security verification using the AVISPA tool", is given in Section 5. The comparative study of LAM-CIoT and closely related existing schemes is given in Section 6. The impact of LAM-CIoT on network performance parameters is reported in Section 7 using NS2 simulation. Finally, the paper is concluded in Section 8.
Section snippets
System models
In LAM-CIoT, we rely on two models, the network model and the threat model, to explain its working and usability.
Related work
Wolf and Serpanos (2018) discussed various security issues in Cyber-Physical System (CPS) and IoT systems. They presented a safety/security threat model for CPS and IoT systems. Ni et al. (2018) reviewed the architecture and characteristics of fog computing. Then, they discussed the roles of fog nodes in IoT applications (i.e., real-time services, data dissemination and decentralized computation). Moreover, they examined several promising IoT applications as per the different roles of fog
The proposed scheme (LAM-CIoT)
In order to explain the working of the proposed LAM-CIoT scheme, we divide the scheme into seven phases: i) pre-deployment, ii) user registration, iii) login, iv) authentication and key agreement, v) password and biometric information update, vi) dynamic IoT sensor addition, and vii) smart card revocation.
LAM-CIoT is designed using the three factors of authentication procedure, which are: 1) smart card SCi of a user Ui, 2) password of Ui and 3) biometrics of Ui. The biometrics is used to
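The fuzzy extractor mentioned in the contributions and in the three-factor description above is what turns a noisy biometric reading into a stable secret that the smart card can check locally. The block below is an added example and not the paper's own construction: it implements the two fuzzy-extractor operations Gen and Rep with the code-offset secure sketch of Dodis et al. instantiated on a 3-bit repetition code (one flipped bit tolerated per 3-bit block), then uses them for a registration step and the local login check. The 48-bit template length, the block size, the use of SHA-256 as the extractor, and the verifier h(ID || PW || σ) stored on the card are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed example, not the paper's fuzzy extractor. Sketch: code-offset
# construction with a 3-bit repetition code, so each 3-bit block of the
# template tolerates one flipped bit. Template length, block size and the
# SHA-256 extractor are assumptions chosen for this example.
BLOCK = 3
NUM_BLOCKS = 16
TEMPLATE_BITS = BLOCK * NUM_BLOCKS          # 48-bit toy biometric template


def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def _random_codeword():
    """Random message encoded by the repetition code: each bit repeated BLOCK times."""
    msg = [secrets.randbelow(2) for _ in range(NUM_BLOCKS)]
    return [bit for bit in msg for _ in range(BLOCK)]


def _decode(bits):
    """Nearest codeword by per-block majority vote (corrects 1 error per block)."""
    out = []
    for i in range(0, len(bits), BLOCK):
        block = bits[i:i + BLOCK]
        out.extend([1 if sum(block) * 2 > len(block) else 0] * BLOCK)
    return out


def _extract(bits):
    """Randomness extractor modelled as a hash, as hash-only protocols do."""
    return hashlib.sha256(bytes(bits)).digest()


def gen(bio):
    """Gen(Bio) -> (sigma, tau): secret key sigma and public helper string tau."""
    if len(bio) != TEMPLATE_BITS:
        raise ValueError("template must have %d bits" % TEMPLATE_BITS)
    tau = _xor(bio, _random_codeword())     # code-offset sketch, safe to store
    return _extract(bio), tau


def rep(bio_noisy, tau):
    """Rep(Bio', tau) -> sigma whenever Bio' is within the error budget of Bio."""
    codeword = _decode(_xor(bio_noisy, tau))
    return _extract(_xor(tau, codeword))


def register(ident, pw, bio):
    """Registration: the values the smart card keeps for later local checks."""
    sigma, tau = gen(bio)
    verifier = hashlib.sha256(ident + pw + sigma).digest()
    return {"tau": tau, "verifier": verifier}


def local_login(card, ident, pw, bio_noisy):
    """Login-phase verification done on the user's side before any message is sent."""
    sigma = rep(bio_noisy, card["tau"])
    candidate = hashlib.sha256(ident + pw + sigma).digest()
    return hmac.compare_digest(candidate, card["verifier"])
```

Because `tau` is a one-time-pad of the template with a random codeword, the card stores nothing from which the biometric itself is recoverable, yet a fresh reading that differs by at most one bit per block reproduces the same σ and therefore the same verifier; a reading with two errors in one block, a wrong password or a wrong identity fails the check locally.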
Security analysis
This section provides an extensive security analysis of the proposed LAM-CIoT scheme using both formal and informal analysis. In addition, formal security verification using the well-known AVISPA tool (AVISPA, 2017a) is carried out to show that LAM-CIoT is resilient against active attacks, such as replay and man-in-the-middle attacks.
Comparative study with related schemes
It is worth noting that, so far, no user authentication protocols have been reported in the literature for securing the cloud-based IoT environment. For this reason, in this section we compare the performance of the proposed LAM-CIoT with closely related user authentication schemes from other fields, namely Challa et al.'s scheme (Challa et al., 2017) and Farash et al.'s scheme (Farash et al., 2016). The
NS2 simulation study
We have performed a simulation study of LAM-CIoT and the related schemes of Challa et al. (2017) and Farash et al. (2016) using the NS2 simulator, measuring the impact of LAM-CIoT on important network performance parameters such as throughput (in bits per second, bps) and end-to-end delay (in seconds).
Conclusion
This paper addresses an emerging research area, the cloud-based IoT environment. We have presented a lightweight authentication mechanism for securing the cloud-based IoT environment (LAM-CIoT) that addresses the security requirements of that environment. The rigorous security analysis of LAM-CIoT, consisting of formal security analysis under the ROR model, formal security verification with the AVISPA tool, and informal security analysis, shows that LAM-CIoT withstands several well-known attacks. LAM-CIoT supports addition of
Declaration of competing interest
We do not have any conflicts of interest.
Acknowledgments
The authors would like to thank the anonymous reviewers for their constructive feedback.
References (40)
- A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw. (2016)
- Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Network. (2016)
- A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J. Netw. Comput. Appl. (2012)
- Taxonomy and analysis of security protocols for Internet of Things. Future Gener. Comput. Syst. (2018)
- An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Netw. (2016)
- An efficient biometric-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. (2010)
- Secure and efficient user authentication scheme for multi-gateway wireless sensor networks. Ad Hoc Netw. (2017)
- A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw. (2014)
- Password-based authenticated key exchange in the three-party setting
- Automated Validation of Internet Security Protocols and Applications (2017)
- SPAN, the Security Protocol ANimator for AVISPA
- Secure signature-based authenticated key establishment scheme for future IoT applications. IEEE Access
- A Provably Secure, Efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans. Wirel. Commun.
- Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Trans. Dependable Secure Comput.
- An unconditionally secure key management scheme for large-scale heterogeneous wireless sensor networks
- Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun.
- Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur.
- Design of secure and lightweight Authentication protocol for wearable devices environment. IEEE J. Biomed. Health Inf.
- Fuzzy extractors: how to generate strong keys from biometrics and other noisy data
Cited by (192)
- LAAKA: Lightweight Anonymous Authentication and Key Agreement Scheme for Secure Fog-Driven IoT Systems. Computers and Security (2024)
- A Secure Deepfake Mitigation Framework: Architecture, Issues, Challenges, and Societal Impact. Cyber Security and Applications (2024)
- PRLAP-IoD: A PUF-based Robust and Lightweight Authentication Protocol for Internet of Drones. Computer Networks (2024)
- Internet of things challenges and future scope for enhanced living environments. Advances in Computers (2024)
- A key exchange system for secure data coordination in healthcare systems. Healthcare Analytics (2023)
- PGTCN: A novel password-guessing model based on temporal convolution network. Journal of Network and Computer Applications (2023)
Mohammad Wazid received M.Tech. degree in Computer Network Engineering from Graphic Era University, Dehradun, India and Ph.D. degree in Computer Science and Engineering from the International Institute of Information Technology, Hyderabad, India. He is currently working as an Associate Professor in the Department of Computer Science and Engineering, Graphic Era University, Dehradun, India. Prior to this, he was working as an Assistant Professor at the Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, Karnataka, India. He was also a Postdoctoral Researcher at Cyber Security and Networks lab, Innopolis University, Innopolis, Russia. His current research interests include security, remote user authentication, Internet of things (IoT), and cloud computing. He has published more than 60 papers in international journals and conferences in the above areas. He was a recipient of the University Gold Medal and the Young Scientist Award by UCOST, Department of Science and Technology, Government of Uttarakhand, India. He has also received the recognition of “Best Reviewer of 2019” from ICT Express (Elsevier) Journal.
Ashok Kumar Das received a Ph.D. degree in computer science and engineering, an M.Tech. degree in computer science and data processing, and an M.Sc. degree in mathematics from IIT Kharagpur, India. He is currently an Associate Professor with the Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India. His current research interests include Cryptography, network security, blockchain, security in Internet of Things (IoT), Internet of Vehicles (IoV), Internet of Drones (IoD), smart grids, smart city, cloud/fog computing and industrial wireless sensor networks, and intrusion detection. He has authored over 200 papers in international journals and conferences in the above areas, including over 170 reputed journal papers. Some of his research findings are published in top cited journals, such as the IEEE Transactions on Information Forensics and Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Smart Grid, IEEE Internet of Things Journal, IEEE Transactions on Industrial Informatics, IEEE Transactions on Vehicular Technology, IEEE Transactions on Consumer Electronics, IEEE Journal of Biomedical and Health Informatics (formerly IEEE Transactions on Information Technology in Biomedicine), IEEE Consumer Electronics Magazine, IEEE Access, IEEE Communications Magazine, Future Generation Computer Systems, Computers & Electrical Engineering, Computer Methods and Programs in Biomedicine, Computer Standards & Interfaces, Computer Networks, Expert Systems with Applications, and Journal of Network and Computer Applications. He was a recipient of the Institute Silver Medal from IIT Kharagpur. 
He is on the editorial board of KSII Transactions on Internet and Information Systems, International Journal of Internet Technology and Secured Transactions (Inderscience), and IET Communications, is a Guest Editor for Computers & Electrical Engineering (Elsevier) for the special issue on Big data and IoT in e-healthcare and for ICT Express (Elsevier) for the special issue on Blockchain Technologies and Applications for 5G Enabled IoT, and has served as a Program Committee Member in many international conferences. He also served as one of the Technical Program Committee Chairs of the International Congress on Blockchain and Applications (BLOCKCHAIN′19), Avila, Spain, June 2019.
Vivekananda Bhat K received the Ph.D. degree in computer science and engineering from IIT Kharagpur, India and the M.Tech. degree in Systems Analysis and Computer Applications from National Institute of Technology Karnataka, Surathkal, India. He is currently an Associate Professor with the Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, India. His research interests include audio watermarking, digital watermarking, cryptography and information security. He has published several papers in reputed international journals and conferences.
Athanasios V. Vasilakos is currently a Professor with the Lulea University of Technology, Sweden. He has served or is serving as an Editor for many technical journals, such as the IEEE Transactions on Network and Service Management, IEEE Transactions on Cloud Computing, IEEE Transactions on Information Forensics and Security, IEEE Transactions on Cybernetics, IEEE Transactions on Nanobioscience, IEEE Transactions on Information Technology in Biomedicine, IEEE Communications Magazine, ACM Transactions on Autonomous and Adaptive Systems, IEEE Journal on Selected Areas in Communications, etc. He has published over 700 technical research papers in leading journals and conferences in his areas of research. He is a Web of Science 2017 and 2018 Highly Cited Researcher. He is also General Chair of the European Alliance for Innovation (http://www.eai.eu).