Abstract
IoT plays important role in the field of inter-networked applications, like physical electronic devices, vehicles, automobile applications, software applications, sensors devices, buildings, government offices and defense departments. IoT application provides strong connectivity between inter-connected devices, which shares valuable data through a common channel. Security is one of the most important key issue in any kind of information system. The IoT application is an information process and sharing between large volumes of users. In this situation, we are in the need of an efficient authentication mechanism for providing secure communication between the users. In this chapter, we have proposed a two factor authentication scheme using Elliptic Curve Cryptography with smart card. The proposed authentication is based on two-factor authentication with smart card and password, which provides high security with minimum computational cost. The proposed scheme generates new session key for every new session with fresh time stamp and nonce value. The proposed scheme needs minimum computation cost compared with the related authentication schemes using smart card.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abdalla M, Fouque P, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: Proceedings of the PKC’05, vol 3386, Lecture Notes in Computer Science, Springer, Interlaken, pp 65–84
Amin R, Biswas GPA (2015) Secure three-factor user authentication and key agreement protocols for TMIS with user anonymity. J Med Syst 39(8):1–19
Amin R, Islam SH, Biswas GP, Khan MK, Kumar N (2015a) An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. J Med Syst 39(11):1–18
Amin R, Islam SH, Biswas GP, Khan MK, Obaidat MS (2015b) Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. J Med Syst 39(11):1–20
Bellare M, Rogaway P (1994) Entity authentication and key distribution. In: Stinson DR (ed) Advances in cryptology—CRYPTO’ 93. Lecture notes in computer science, vol 773. Springer, New York, pp 232–249
Brown D (2005) Generic groups, collision resistance, and ECDSA. Des Codes Crypt 35(2005):119–152
Brown E (2016) Who needs the internet of things? https://www.linux.com/news/who-needs-internet-things/
Chang CC, Le HD (2016) A provably secure, efficient and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366
Chaudhry SA, Naqvi H, Shon T, Sher M, Farash MS (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6):1–11
Chen CM, Wang KH, Wu TY, Pan JS, Sun HM (2013) A scalable transitive human-verifiable authentication protocol for mobile devices. IEEE Trans Inf Forensics Secur 8(8):1318–1330
Chen CM, Xu L, Wu TY, Li CR (2016a) On the security of a chaotic maps-based three-party authenticated key agreement protocol. J Netw Intell 2:61–65
Chen C-M, Xu L, Fang W, Wu T-Y (2016b) A three-party password authenticated key exchange protocol resistant to stolen smart card attacks. Adv Intell Inf Hiding Multimed Signal Process 2016:331–336
Chen BL, Kuo WC, Wuu LC (2019) Robust smart-card-based remote user password authentication scheme. Int J Commun Syst. https://doi.org/10.1002/dac.2368 (in press)
Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654
Farash MS (2015) Cryptanalysis and improvement of an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. Int J Netw Manag 25(1):31–51
Farash MS, Attari MA (2014) An enhanced and secure three-party password-based authenticated key exchange protocol without using servers public-keys and symmetric cryptosystems. Inf Technol Control 43(2):143–150
Farash MS, Kumari S, Bakhtiari M (2016) Cryptanalysis and improvement of a robust smart card secured authentication scheme on sip using elliptic curve cryptography. Multimed Tools Appl 75(8):4485–4504
Gope P, Hwang T (2016) An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. J Netw Comput Appl 62:1–8
He D, Kumar N, Lee JH, Sherratt RS (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 60(1):30–37
IoT-GSI (2015) Internet of things global standards initiative. ITU, Geneva
IoT-SF (2016) Internet of things: science fiction or business fact? Harvard Business Review. November 2014. Retrieved 23 October
Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ch SA (2013) A secure authentication scheme for session initiation protocol by using ECC on the basis of the tang and liu scheme. Secur Commun Netw 7(8):1210–1218
Islam SH, Khan MK (2014) Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J Med Syst 38(10):1–16
ITU (2012) International Telecommunication Union, overview of the internet of things, recommendation ITU-T Y.2060
Juang WS, Chen ST, Liaw HT (2008) Robust and efficient password-authenticated key agreement using smart card. IEEE Trans Ind Electron 55(6):2551–2556
Kim H-S, Lee S-W, Yoo K-Y (2003) ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Oper Syst Rev 37(4):32–41
Lai H, Xiao J, Li L, Yang Y (2012) Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Math Problems Eng 2012:454823. https://doi.org/10.1155/2012/454823
Lee TF, Hwang T (2011) Provably secure and efficient authentication techniques for the global mobility network. J Syst Softw 84(10):1717–1725
Li CT, Hwang MS, Chu YP (2008) A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput Commun 31(12):2803–2814
Li XX, Qiu WD, Zheng D, Chen KF, Li JH (2010) Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Ind Electron 57(2):793–800
Li W, Wen Q, Su Q, Jin Z (2012) An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network. Comput Commun 35(2):188–195
Li X, Wen Q, Zhang H, Jin Z (2013a) An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. Int J Netw Manag 23(5):311–324
Li X, Niu J, Khan MK, Liao J (2013b) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl. https://doi.org/10.1016/j.jnca.2013.02.034 (in press)
Li X, Niu J, Kumari S, Khan MK, Liao J, Liang W (2015) Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dyn 80(3):1209–1220
Lindner T (2015) The supply chain: changing at the speed of technology. Connected World. Retrieved 18 September
Lu Y, Li L, Peng H, Yang Y (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 39(3):1–8
Mattern F, Floerkemeier C (2016) From the internet of computers to the internet of things. ETH Zurich, Zurich (Retrieved 23 October)
Mishra D, Mukhopadhyay S, Chaturvedi A, Kumari S, Khan MK (2014) Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J Med Syst 38(6):1–12
Niu YJ, Wang XY (2011) An anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 16(4):1986–1992
Reddy AS (2016) Reaping the benefits of the internet of things. Cognizant, Teaneck (Retrieved 23 October)
Santucci G (2016) The internet of things: between the revolution of the internet and the metamorphosis of objects. European Commission Community Research and Development Information Service (Retrieved 23 October)
Secure Hash Standard (2005) FIPS PUB 180-1. National Institute of Standards and Technology (NIST), U.S. Department of Commerce, 1995. http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf. Accessed Sep 2015
Shoup V (2005) Sequences of games: a tool for taming complexity in security proofs. https://www.shoup.net/papers/games.pdf
Song R (2010) Advanced smart card based password authentication protocol. Comput Standards Interfaces 32(5):321–325
Sun DZ, Huai JP, Sun JZ, Li JX, Zhang JW, Feng ZY (2009) Improvements of juang et al.’s password-authenticated key agreement scheme using smart cards. IEEE Trans Ind Electron 56(6):2284–2291
Sun HM, He BZ, Chen CM, Wu TY, Lin CH, Wang H (2015) A provable authenticated group key agreement protocol for mobile environment. Inf Sci 321:224–237
Tseng HR, Jan RH, Yang W (2009) A chaotic maps-based key agreement protocol that preserves user anonymity. In: IEEE international conference on communications, ICC09, Dresden, Germany, pp 1–6
Vanstone S (1992) Responses to NIST’s proposal. Commun ACM 35(7):50–52
Vermesan O, Friess P (2013) Internet of things: converging technologies for smart environments and integrated ecosystems. River Publishers, Aalborg. ISBN 978-87-92982-96-4
Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Secur Commun Netw 13(10):1983–2001
Wu S, Chen K (2012) An efficient key-management scheme for hierarchical access control in e-medicine system. J Med Syst 36(4):2325–2337
Xie Q, Hu B, Wu T (2015) Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using servers public key and smart card. Nonlinear Dyn 79(4):2345–2358
Xu X, Zhu P, Wen Q, Jin Z, Zhang H, He L (2013) A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information system. J Med Syst 38(1):1–7
Xu X, Zhu P, Wen Q, Jin Z, Zhang H, He L (2014) A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. J Med Syst 38:9994
Xue KP, Hong PL (2012) Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 17(7):2969–2977
Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Comput Standards Interfaces 36(2):397–402
Zhang L, Zhu S, Tang S (2017) Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE J Biomed Health Inf 21(2):465–475
Zhao F, Gong P, Li S, Li M, Li P (2013) Cryptanalysis and improvement of a three-party key agreement protocol using enhanced chebyshev polynomials. Nonlinear Dyn 74(1–2):419–427
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Karthigaiveni, M., Indrani, B. An efficient two-factor authentication scheme with key agreement for IoT based E-health care application using smart card. J Ambient Intell Human Comput (2019). https://doi.org/10.1007/s12652-019-01513-w
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s12652-019-01513-w