A lightweight three factor authentication framework for IoT based critical applications

Saqib, Manasha; Jasra, Bhat; Moon, Ayaz Hassan

doi:10.1016/j.jksuci.2021.07.023

Cited by 30 publications

(46 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IoT is an emerging heterogeneous network industry, and 41 billion IoT devices will be connected to the Internet worldwide. Tese devices will generate 79 Zettabytes of data annually [1].…”

Section: Introductionmentioning

confidence: 99%

A Provable Secure Cross-Verification Scheme for IoT Using Public Cloud Computing

Khan

Zhang

Ali

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Public cloud computing has become increasingly popular due to the rapid advancements in communication and networking technology. As a result, it is widely used by businesses, corporations, and other organizations to boost the productivity. However, the result generated by millions of network-enabled IoT devices and kept on the public cloud server, as well as the latency in response and safe transmission, are important issues that IoT faces when using the public cloud computing. These concerns and obstacles can only be overcome by designing a robust mutual authentication and secure cross-verification mechanism. Therefore, we have attempted to design a cryptographic protocol based on a simple hash function, xor operations, and the exchange of random numbers. The security of the proposed protocol has formally been verified using the ROR model, ProVerif2.03, and informally using realistic discussion. In contrast, the performance metrics have been analyzed by looking into the security feature, communication, and computation costs. To sum it up, we have compared our proposed security mechanism with the state-of-the-art protocols, and we recommend it to be effectively implemented in the public cloud computing environment.

show abstract

“…IoT is an emerging heterogeneous network industry, and 41 billion IoT devices will be connected to the Internet worldwide. Tese devices will generate 79 Zettabytes of data annually [1].…”

Section: Introductionmentioning

confidence: 99%

A Provable Secure Cross-Verification Scheme for IoT Using Public Cloud Computing

Khan

Zhang

Ali

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Therefore, Fakroon et al proposed a hashbased user authentication scheme utilizing physical context awareness and transaction history. Although their scheme [19] achieves an efficient computational cost, they suffer from a variety of security attacks, including offline password guessing and insider attacks [20].…”

Section: Related Workmentioning

confidence: 99%

A Secure and Anonymous User Authentication Scheme for IoT-Enabled Smart Home Environments Using PUF

Cho

Kwon

et al. 2022

IEEE Access

View full text Add to dashboard Cite

With the continuous development of Internet of Things (IoT) technology, research on smart home environments is being conducted by many researchers. In smart home environments, home users can remotely access and control a variety of home devices such as smart curtains, lights, and speakers placed throughout the house. Despite providing convenient services, including home monitoring, temperature management, and daily work assistance, smart homes can be vulnerable to malicious attacks because all messages are transmitted over insecure channels. Moreover, home devices can be a target for device capture attacks since they are placed in physically accessible locations. Therefore, a secure authentication and key agreement scheme is required to prevent such security problems. In 2021, Zou et al. proposed a two-factor-based authentication and key agreement scheme using elliptic curve cryptography (ECC) in smart home environments. They claimed that their scheme provides user anonymity and forward secrecy. However, we prove that their scheme suffers from forgery, ephemeral secret leakage, and session key disclosure attacks. To overcome the security vulnerabilities of Zou et al.'s scheme and provide home users with secure communication in smart home environments, we propose a secure user authentication scheme using physical unclonable functions (PUF). We utilize Real-or-Random (ROR) model and Burrows-Abadi-Needham (BAN) logic to verify the session key security and mutual authentication of the proposed scheme, respectively. Furthermore, we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to simulate the resistance of our scheme to security attacks. After that, we analyze and compare the communication costs, computational consumption, and security functionalities along with related schemes.

show abstract

“…Therefore, a user authentication protocol has been proposed in [40] to address these issues. On the other hand, the scheme based on identity, password, and digital signatures is developed in [41]. However, it is based on PKI, which requires entities to maintain a pair of private and public keys, which increases its computation and communication complexities [42].…”

Section: Related Workmentioning

confidence: 99%

“…However, it is based on PKI, which requires entities to maintain a pair of private and public keys, which increases its computation and communication complexities [42]. The protocols in [43][44][45] are efficient and can solve the problems in [41].However, the scheme in [43] cannot withstand de-synchronization attacks. In addition, it utilizes verification tables during authentication, which are susceptible to stolen verifier attacks [40].…”

Section: Related Workmentioning

confidence: 99%

“…In addition, it utilizes verification tables during authentication, which are susceptible to stolen verifier attacks [40]. Similarly, the protocol in [45] has some security issues that limit its applicability [41]. On its part, the scheme in [44] incurs low latency, storage costs, and power consumption, but its security analysis is not carried out.To boost efficiency and reliability, a smart card-based algorithm is developed in [46].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Energy Efficient Dynamic Symmetric Key Based Protocol for Secure Traffic Exchanges in Smart Homes

Nyangaresi¹,

Abduljabbar

Mutlaq

et al. 2022

Applied Sciences

View full text Add to dashboard Cite

Highly sensitive information about people’s social life and daily activities flows in smart home networks. As such, if attackers can manage to capture or even eavesdrop on this information, the privacy of the users can be compromised. The consequences can be far-reaching, such as knowing the status of home occupancy that can then facilitate burglary. To address these challenges, approaches such as data aggregation and signcryption have been utilized. Elliptic curve cryptography, bilinear pairing, asymmetric key cryptosystem, blockchain, and exponential operations are among the most popular techniques deployed to design these security solutions. However, the computational, storage and communication complexities exhibited by the majority of these techniques are too high. This renders these techniques unsuitable for smart home components such as smart switches and sensors. Some of these schemes have centralized architectures, which present some single points of failure. In this paper, symmetric key authentication procedures are presented for smart home networks. The proposed protocol leverages on cryptographic primitives such as one-way hashing and bitwise exclusive-Or operations. The results indicate that this scheme incurs the lowest communication, storage, and computation costs compared to other related state-of-the-art techniques. Empirically, our protocol reduces the communication and computation complexities by 16.7% and 57.7%, respectively. In addition, it provides backward key secrecy, robust mutual authentication, anonymity, forward key secrecy, and unlinkability. Moreover, it can effectively prevent attacks such as impersonation, session hijacking, denial of service, packet replays, man-in-the-middle, and message eavesdropping.

show abstract

A lightweight three factor authentication framework for IoT based critical applications

Cited by 30 publications

References 45 publications

A Provable Secure Cross-Verification Scheme for IoT Using Public Cloud Computing

A Provable Secure Cross-Verification Scheme for IoT Using Public Cloud Computing

A Secure and Anonymous User Authentication Scheme for IoT-Enabled Smart Home Environments Using PUF

Energy Efficient Dynamic Symmetric Key Based Protocol for Secure Traffic Exchanges in Smart Homes

Contact Info

Product

Resources

About