A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

Kumari, Saru; Karuppiah, Marimuthu; Das, Ashok Kumar; Li, Xiong; Wu, Fan; Kumar, Neeraj

doi:10.1007/s11227-017-2048-0

Cited by 199 publications

(169 citation statements)

References 35 publications

Supporting

Mentioning

169

Contrasting

Order By: Relevance

“…In 2015, Kalra and Sood [53] reported an authentication scheme to connect resource-constrained devices (tiny devices) to the cloud server using Elliptic Curve Cryptography (ECC) for Internet of Things (IoT). However, in 2017, S. Kumari et al [48] have shown that Kalra and Sood's scheme [53] is vulnerable to offline password guessing and privileged insider attacks and does not achieve device anonymity, session key agreement and mutual authentication. To mitigate these vulnerabilities, S. Kumari et al [48] proposed a secure authentication scheme based on ECC for IoT and cloud.…”

Section: Issues In Recent Single Server Akap For Cloud Platformmentioning

confidence: 99%

“…However, in 2017, S. Kumari et al [48] have shown that Kalra and Sood's scheme [53] is vulnerable to offline password guessing and privileged insider attacks and does not achieve device anonymity, session key agreement and mutual authentication. To mitigate these vulnerabilities, S. Kumari et al [48] proposed a secure authentication scheme based on ECC for IoT and cloud. In this scheme, authors have claimed that their scheme achieves all security requirements and is resistant to various known attacks as compared to the Kalra and Sood's scheme.…”

Section: Issues In Recent Single Server Akap For Cloud Platformmentioning

confidence: 99%

“…The calculation of computation, communication and storage cost respectively, of the proposed protocol is given as follows: In [48], CPU time required to calculate T_h and T_m is 2.3 and 22.26 microseconds. Therefore, in our scheme, the total number of computations required is 9T_h + 6T_m which is equal to 13376.7 microseconds.…”

Section: (3) Communication Rounds (Cr)mentioning

confidence: 99%

“…This leads to opening up a security problem as the communication takes place over insecure channel for accessing services. Towards this solution, a number of single server-based authentication and key agreement protocols are reported in the recent literature [48]- [51], [53]- [59].…”

Section: Introductionmentioning

confidence: 99%

“…The existing state-of-the-art authentication protocols [48]- [51], [53]- [59] provide security in the cloud environment and they follow a single server-based authentication mechanism. In order to achieve mutual authentication, all clients must interact with a particular authentication server.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

An Efficient Two-Server Authentication and Key Exchange Protocol for Accessing Secure Cloud Services

Chattaraj¹,

Sarma²,

Samanta³

2018

JJCIT

View full text Add to dashboard Cite

show abstract

Section: Issues In Recent Single Server Akap For Cloud Platformmentioning

confidence: 99%

Section: Issues In Recent Single Server Akap For Cloud Platformmentioning

confidence: 99%

Section: (3) Communication Rounds (Cr)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An Efficient Two-Server Authentication and Key Exchange Protocol for Accessing Secure Cloud Services

Chattaraj¹,

Sarma²,

Samanta³

2018

JJCIT

View full text Add to dashboard Cite

show abstract

A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things

Naeem

Chaudhry

Mahmood

et al. 2019

Int J Communication

View full text Add to dashboard Cite

SummaryVery recently, Alamr et al (J. Supercomput 1‐14 doi: 10.1007/s11227‐016‐1861‐1) presented a radio frequency identifier (RFID) authentication protocol for the Internet of Things (IoT) through elliptic curve cryptography (ECC). They claimed the protocol to achieve several security properties and thwart all known attacks. However, this paper shows that their scheme is having correctness and scalability issues. The reader in their protocol can accommodate only one tag, which is not desirable in the IoT environments. The paper finally suggests an improvement to cater the correctness and scalability issues.

show abstract

Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme

Nikooghadam

Amintoosi

2020

Int J Communication

View full text Add to dashboard Cite

Internet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen-verifier attack. We then propose a lightweight authentication protocol for secure communication of IoT embedded devices and cloud servers. The proposed scheme is proved to provide essential security requirements such as mutual authentication, device anonymity, and perfect forward secrecy and is robust against security attacks. We also formally verify the security of the proposed protocol using BAN logic and also the Scyther tool. We also evaluate the computation and communication costs of the proposed scheme and demonstrate that the proposed scheme incurs minimum computation and communication overhead, compared to related schemes, making it suitable for IoT environments with low processing and storage capacity.

show abstract

A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

Cited by 199 publications

References 35 publications

An Efficient Two-Server Authentication and Key Exchange Protocol for Accessing Secure Cloud Services

An Efficient Two-Server Authentication and Key Exchange Protocol for Accessing Secure Cloud Services

A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things

Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme

Contact Info

Product

Resources

About